Logstash influxdb

Having problems with setup of logstash-output-influxdb. My config is below:

input {
    udp {
            port => 11514
            type => "threat"          
    }
   
}
filter {
        if [type] =="threat" {

                grok {
                #patterns_dir =>"/opt/logstash/patterns"
                        match => ["message","%<%{POSINT}>%{MONTH} %{MONTHDAY} %{TIME} %{GREEDYDATA:message}" ]
                }                
                csv {
                    source => "message"
                    columns => [ "Column1", "Column2", "Column3"]]
               }               

       }       
}
output {
        if [type] =="threat" {                
                influxdb {
                  data_points => {'pt1' => "Column1", 'pt2' => "Column2", 'pt3' = "Column3"} 
                  host => "10.10.10.1" 
                  db => "syslog"
                  user => "user"
                  password => "password"
                }
        }
        
}

getting error "Expected one of #, {, } ... data_points => {"column1" => "SourceAddress""

Drop the commas between the hash items, i.e.

data_points => {'pt1' => "Column1" 'pt2' => "Column2" 'pt3' = "Column3"} 

and not

data_points => {'pt1' => "Column1", 'pt2' => "Column2", 'pt3' = "Column3"}

Appreciate ! Now I receive data in InfluxDB but they are just strings Column1 , 2 and 3. How to get real data from csv ?

select * from logstash
name: logstash

time pt1 pt2 pt3
1484845074857000000 Column1 Column2 Column3
1484845074859000000 Column1 Column2 Column3
1484845075690000000 Column1 Column2 Column3

Use %{Column1} instead of Column1.

https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#logstash-config-field-references

Wow ! That is great help, thank you

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.