OS: Ubuntu 16.04 Logstash: 5.2.1 Elasticsearch: 5.1
I've configured our Deis platform to send logs to our Logstack node with no issues. However, I'm still new to Ruby and Logstash is not yet my strong suit. I can't seem to get the syslog_message to parse correctly.
Log example: "February 15th 2017, 09:55:24.408 @timestamp:February 15th 2017, 09:55:24.408 @version:1 host:x.x.x.x message:2017-02-15T14:55:24UTC deis-logspout[1]: 2017/02/15 14:55:24 routing all to udp://x.x.x.x:xxxx type:json _id:AVpCRVUBf9TikzNy1yFB _type:json _index:logstash-2017.02.15 _score: -
Current configuration:
    input {
      tcp { port => 5000 type => syslog codec => plain }
      udp { port => 5000 type => syslog codec => plain }
    }
    filter {
      json { source => "syslog_message" }
    }
    output {
      elasticsearch { hosts => ["foo.somehost"] }
      stdout { codec => rubydebug }
    }
Elasticsearch output:
    "@timestamp" => 2017-02-15T14:55:24.408Z,
    "@version" => "1",
    "host" => "x.x.x.x",
    "message" => "2017-02-15T14:55:24UTC deis-logspout[1]: 2017/02/15 14:55:24 routing all to udp://x.x.x.x:xxxx\n",
    "type" => "json"
Desired outcome:
    "@timestamp" => 2017-02-15T14:55:24.408Z,
    "@version" => "1",
    "host" => "x.x.x.x",
    "type" => "json",
    "container" => "deis-logspout",
    "severity level" => "Info",
    "message" => "2017/02/15 14:55:24 routing all to udp://x.x.x.x:xxxx\n"
What should I be doing to make this work right? Thank you for taking your time to look at this.
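Added example, not part of the original question. With `codec => plain` the whole line lands in the `message` field and no `syslog_message` field is ever created, so `json { source => "syslog_message" }` has nothing to act on (and the line is not JSON in any case). The shape `<timestamp> <container>[<pid>]: <rest>` is a job for grok, roughly `(?:<%{POSINT:pri}>)?%{TIMESTAMP_ISO8601:logtime}(?:UTC)? %{DATA:container}\[%{POSINT:pid}\]: %{GREEDYDATA:message}` with `overwrite => ["message"]`. The Ruby below (Logstash itself runs on JRuby) applies an equivalent regex to constructed sample events and returns the fields the desired output asks for. One caveat the sample line makes visible: it carries no severity, so "Info" cannot come from it; the code derives a severity only when a syslog PRI prefix such as `<14>` is present, which is an assumption about what logspout may send, and otherwise leaves the field unset. Timestamps written as `...UTC` are treated as `Z`; an event that does not match gets a `_grokparsefailure` tag, as grok would add.

```ruby
require "time"

# RFC 5424 severity names, indexed by (PRI % 8).
SYSLOG_SEVERITY = %w[Emergency Alert Critical Error Warning Notice Info Debug].freeze

# Regex equivalent of the grok pattern in the lead-in. Assumed line shape:
#   [<PRI>]<ISO-8601 time>[Z|UTC|+hh:mm] <container>[<pid>]: <message>
LINE_RE = /\A
  (?:<(?<pri>\d{1,3})>)?                                     # optional syslog PRI such as <14>
  (?<logtime>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?)  # date and time
  (?<tz>Z|UTC|[+-]\d{2}:\d{2})?                              # zone, if any
  \s+
  (?<container>[^\s\[]+)\[(?<pid>\d+)\]:\s                   # container name and pid
  (?<message>.*)                                             # the rest, newline included
\z/mx

# Parse one raw line. Returns a hash of extracted fields, or nil when the
# line does not have the expected shape.
def parse_logspout_line(line)
  m = LINE_RE.match(line)
  return nil unless m

  tz = (m[:tz].nil? || m[:tz] == "UTC") ? "Z" : m[:tz]
  fields = {
    "container" => m[:container],
    "pid"       => m[:pid].to_i,
    "logtime"   => Time.iso8601(m[:logtime] + tz),
    "message"   => m[:message],
  }
  if m[:pri] # only present when the sender prepended a syslog PRI
    pri = m[:pri].to_i
    fields["facility"]       = pri / 8
    fields["severity level"] = SYSLOG_SEVERITY[pri % 8]
  end
  fields
end

# Mimic the filter stage: merge parsed fields into the event (overwriting
# "message" with the trimmed text), or tag the event on failure.
def enrich(event)
  parsed = parse_logspout_line(event["message"].to_s)
  return event.merge("tags" => (event["tags"] || []) + ["_grokparsefailure"]) unless parsed

  event.merge(parsed)
end

# Constructed sample events: the first is the line from the question, the
# second adds a hypothetical PRI prefix, the third is deliberately malformed.
SAMPLE_EVENTS = [
  { "@timestamp" => "2017-02-15T14:55:24.408Z", "@version" => "1", "host" => "x.x.x.x", "type" => "syslog",
    "message" => "2017-02-15T14:55:24UTC deis-logspout[1]: 2017/02/15 14:55:24 routing all to udp://x.x.x.x:xxxx\n" },
  { "@timestamp" => "2017-02-15T14:55:25.000Z", "@version" => "1", "host" => "x.x.x.x", "type" => "syslog",
    "message" => "<14>2017-02-15T14:55:25Z deis-router[7]: request served\n" },
  { "@timestamp" => "2017-02-15T14:55:26.000Z", "@version" => "1", "host" => "x.x.x.x", "type" => "syslog",
    "message" => "not a logspout line\n" },
].freeze

if __FILE__ == $0
  SAMPLE_EVENTS.each { |event| p enrich(event) }
end
```

In a real pipeline the equivalent is a `grok` filter with the pattern above followed by a `date` filter on `logtime` so `@timestamp` reflects when the container logged rather than when Logstash received the line; and if severity is wanted without a PRI in the line, it has to be supplied by the sender, because nothing in the shown message carries it.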