Logstash Elasticsearch Input

vishakh · May 6, 2021, 7:49pm

I'm trying to extract (or) export logs from Elasticsearch via Logstash
I would like to write the extracted logs to a file

input {
  elasticsearch {
    hosts => "elasticsearch.domain.com:9200"
    query => '{ "size": 5, "query": { "match": { "host.ip": "10.1.1.1"} } }'
    size => 5
    user => "<username>"
    password => "<password>"
    scroll => "1m"
    ca_file => "/etc/logstash/certs/ca.crt"
    ssl => true
    index => "winlogbeat-7.10*"
   }
}
output {
  file {
    path => "/var/log/logstash/search-output.txt"
    codec => line
   }
}

vishakh · May 6, 2021, 7:53pm

Below is the output from the pipeline execution

vishakh · May 6, 2021, 7:54pm

After the execution, I don't see the log-extracted written into a log file

Badger · May 6, 2021, 9:52pm

Please do not post pictures of text. They are hard to read (and some folks will be unable to read them at all) and impossible to search. Just post the text. If the text is too big post a link to a gist on github or similar text sharing site.

system · June 3, 2021, 9:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.