Logstash File Input not setting 'type'

Luke_Anderson · September 14, 2015, 10:28am

Hi,

I am using a file input filter in logstash, and setting the 'type' to a custom value, however when logs are sent to elasticsearch the type is displaying as "logs" and not the value that I am setting.

This in turn is breaking my filter plugin as I am running grok filters based on the 'type' value (within IF statements). For example, my file input plugin would look like:

input {
  file {
    type => "my-log"
    add_field => {
        "program" => "my-program"
        "server" => "my-server"
    }
   path => [ "/usr/local/etc/logstash/my-file.log" ]
   start_position => "beginning"
   sincedb_path => "/tmp/sincedb_ls"
   codec => multiline {
      pattern => "^\["
      what => "previous"
      negate => true
    }
  }
}

I set type => "my-log" in my file input, however this is not being saved. Instead I get a type of "logs" in Elasticsearch (excerpt taken from Marvel Sense _search API):

{
        "_index": "logstash-my-server-2015.09.14",
        "_type": "logs",
        "_id": "AU_LV8iKTwurq_6KlASy",
        "_score": null,
        "_source": {
           "message":

etc etc......

Has anyone had similar issues?

Thanks
Luke

warkolm · September 15, 2015, 9:54pm

That's because you need to set document_type in the ES output.
You can set that to whatever you want, including %{type} if you want it to be dynamic.

Topic		Replies	Views
How can I set elasticsearch type in logstash conf file when importing? Logstash	13	3115	December 30, 2016
Logstash type vs Elasticsearch type Logstash	1	342	December 6, 2018
Logstash always output input event type as log Logstash	4	1483	July 6, 2017
Question about mapping types in 6.X (and next versions) Logstash	3	354	March 21, 2018
How to conditionaly set type of event Logstash	7	1353	December 29, 2017

Logstash File Input not setting 'type'

Related topics