Logstash kv{} issue with field without any value

rolfberkenbosch · November 15, 2016, 7:32am

I userd logstash-5.0.0-1

The config is as follows:

input {
tcp {
host => "172.39.39.111"
port => 5000
type => syslog
}
udp {
port => 5000
type => syslog
}
}

filter {
if [type] == "syslog" {
kv {
field_split => " "
include_brackets => false
}
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
geoip {
source => "dst_ip"
}
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}

Topic		Replies	Views
KV filter in logstash 7.2.0 doesn't store a key having empty value Logstash	2	482	August 30, 2019
Kv filter with empty value Logstash	3	2346	July 6, 2017
KV filter to display null keys Logstash	2	681	October 5, 2018
Kv plugin not parsing null value Logstash	6	927	August 20, 2018
Logstash Parsing Key Value Pair without quotes Logstash	1	554	December 7, 2016

Logstash kv{} issue with field without any value

Related topics