Logstash immediately shuts down upon launch in container due to YAML

weiyentan · November 24, 2020, 7:07am

Hi, I have a logstash.yml file that I am using the http api listener.

I have it listening for some post request inputs that has some Json bod's.

Now i am in the process of processing the json. I have some complex json that I want to use the filter.
I thought that I could use the following code but I as soon as my container spins up with this yml the container shuts down. The following is my code. If any one can help with my syntax I willl be most grateful.

input {
  http {
    port => 6000 # default: 8080
    codec => json
  }
}


filter {
  json{
    source => "message"
  }
  split {
    field => "patchesneeded"
    add_field =>{
      computername => "computername"
    }
  }
  split {
    field => "software"
    add_field =>{
      computername => "computername"
  }
}
output {
    elasticsearch {
    hosts => ["http://elasticsearch:9200"]
    index => "system-inventory-[version]}-%{+YYYY.MM.dd}"
    }
    stdout {
    codec => rubydebug
    }
}

Wolfram_Haussig · November 24, 2020, 7:10am

Hi,

I think your second split is missing a closing bracket: The one for add_field seems to be missing.

Best regards
Wolfram

system · December 22, 2020, 7:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.