Logstash doesn't recognize type

lkofman · November 2, 2017, 10:37am

logstash doesn't recognize type -document_type in filebeat ',even instead type I set document_type
filebeat:

   paths:
     - C:\data\XL\ABPAuditLog_*.log
   input_type: log
   document_type: xlpc
   exclude_lines: ["Filename", "File Creation time","thread_id"]
   multiline.pattern: '^[[:digit:]]+;[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}[[:space:]]{1}[[:digit:]]{2}:[[:digit:]]{2}:[[:digit:]]{2}.[[:digit:]]{3};'
   multiline.negate: true
   multiline.match: after

logstash.conf:
input {
beats{
port => 5044
}
}
filter{
if [type] == "xlpc" {
grok {
break_on_match => true
keep_empty_captures => false
match => {
message => [
"%{NUMBER:threadid};%{TIMESTAMP_ISO8601:eventutctime};%{DATA:username};%{JAVACLASS:apiname};%{WORD:apireturnstatus};%{WORD:componentname};%{BASE10NUM:customisation-level};%{BASE10NUM:cputimeinmillisec};%{WORD:runmode};%{WORD:errorcodeiffailure}",
"%{NUMBER:threadid};%{TIMESTAMP_ISO8601:eventutctime};%{DATA:username};%{JAVACLASS:apiname};%{WORD:apireturnstatus};%{WORD:componentname};%{BASE10NUM:customisation-level};%{BASE10NUM:cputimeinmillisec};%{WORD:runmode};(%{GREEDYDATA:errorcodeiffailure})\s*%{GREEDYDATA:error_description}"
]
}
patterns_dir => "C:\DoLense\Patterns\patterns"
}
date {
match => ["eventutctime" , "yyyy-MM-dd HH:mm:ss.SSS"]
}
}
}
output {
elasticsearch {
hosts=>"localhost:9200"
index => "logstash%{+YYYY.MM.dd}%{type}"
}
stdout {codec=> rubydebug }
}

system · November 30, 2017, 10:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Logstash doesn't recognize type

logstash doesn't recognize type -document_type in filebeat ',even instead type I set document_type filebeat:

logstash doesn't recognize type -document_type in filebeat ',even instead type I set document_type
filebeat: