Hey.
I am parsing a big log file with many different log line types.
What I am trying to do is to both parse parameters and keep a full line in a field called "text".
The problem is Logstash fails to create the pipeline when executed with my configuration.
This is a REALLY shortened version of my Logstash configuration file:
input {
  file {
    path => "/opt/some/path/to/file.txt"
    start_position => "beginning"
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601}"
      negate => true
      what => "previous"
      max_lines => 1000
    }
    type => "aaa"
  }
}
filter {
  if [type] == "aaa" {
    grok {
      break_on_match => true
      match => {
        "message" => "%{TIMESTAMP_ISO8601:event_timestamp}%{SPACE}%{DATA:log_level}%{SPACE}\[%{DATA:host}\]%{SPACE}\[%{DATA:tenant}\]%{SPACE}\[%{DATA:java_class}\]%{SPACE}-%{SPACE}<Properties for the task %{DATA:task} has been set>"
        "path" => "%{GREEDYDATA:filename}"
        add_field => { "text" => "Properties for the task %{task} has been set" }
        add_tag => ["bbb"]
      }
    }
  }
  date {
    match => [ "event_timestamp", "YYYY-MM-dd HH:mm:ss.SSS" ]
    timezone => "Etc/GMT"
    locale => "en"
  }
}
output {
  elasticsearch {
    hosts => ["xxx", "xxy", "xxz"]
    index => "test"
    timeout => 120
    user => "xxxxx"
    password => "xxxxx"
  }
}
The problem is the %{task} within the add_field which was parsed on the match above it.
The error I get is:
:exception=>"NameError"
:message=>"uninitialized constant LogStashCompilerLSCLGrammar::LogStash::Compiler::LSCL::AST:: Hash::ConfigurationError"
I will very much appreciate your help.
Thank you.
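
For reference, the grok filter takes add_field and add_tag as options of the filter itself, while match is a hash that maps a field name to a pattern. The fragment below is an added example, not part of the original post: it is the posted filter section with those two options moved out of the match hash, assuming the intent is to set "text" and the "bbb" tag only when the pattern matches.

```logstash
filter {
  if [type] == "aaa" {
    grok {
      break_on_match => true
      # match holds only "field" => "pattern" entries
      match => {
        "message" => "%{TIMESTAMP_ISO8601:event_timestamp}%{SPACE}%{DATA:log_level}%{SPACE}\[%{DATA:host}\]%{SPACE}\[%{DATA:tenant}\]%{SPACE}\[%{DATA:java_class}\]%{SPACE}-%{SPACE}<Properties for the task %{DATA:task} has been set>"
        "path" => "%{GREEDYDATA:filename}"
      }
      # Filter-level options: applied only after a successful match,
      # so %{task} captured by the pattern above is available here.
      add_field => { "text" => "Properties for the task %{task} has been set" }
      add_tag => ["bbb"]
    }
  }
  date {
    match => [ "event_timestamp", "YYYY-MM-dd HH:mm:ss.SSS" ]
    timezone => "Etc/GMT"
    locale => "en"
  }
}
```

The file can be checked without starting the pipeline by running bin/logstash with --config.test_and_exit and -f pointing at it.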