Logstash CSV output giving wrong format

Elastic Stack Logstash
1

I am using Logstash to parse a file containing single line JSON data and output it in a CSV formatted file. Instead of outputting the data as nice separated values it is giving me single line data using timestamp, host, and message fields. Has anyone else encountered this issue and know how to fix it?

Output

Current output

2017-02-08T16:48:45.907Z %{host} %{message}2017-02-08T16:48:45.907Z %{host} %{message}
2017-02-08T16:48:45.907Z %{host} %{message}2017-02-08T16:48:45.907Z %{host} %{message}
2017-02-08T16:48:45.907Z %{host} %{message}2017-02-08T16:48:45.907Z %{host} %{message}

Desired output

timestamp, id, name
timestamp, id, name
timestamp, id, name

Config file:

input {
	file {
		path => "input path"
		sincedb_path => "C:\Logstash\.sincedb*"
		start_position => "beginning"
        codec => "json"
		type => "type"
	}
}

filter {
    mutate {
        add_field => {"eventName" => "%{[event][eventName]}"}
        add_field => {"uniqueDeviceID" => "%{[event][deviceSegment][uniqueDeviceID]}"}
    }
    prune {
        whitelist_names => ["eventName", "uniqueDeviceID", "@timestamp"]
    }
}

output {
    stdout {codec => rubydebug}
    csv {
        fields => ["uniqueDeviceID", "eventName", "@timestamp"]
        path => "output path"
    }
}
2

The issue might come from the fact that you're using Logstash 5.x, which still has an open issue that prevents the csv output from properly consuming events. If that's the case, you may downgrade to Logstash 2.x until this gets resolved.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.