Logstash output - All messages outputting to one message field

I am using a standard out with ruby for out, no codec defined for input, and all messages are being sent in one message field. The vendor I am working with is saying we need to get a codec that can separate messages by new lines. I have tried CEF but got a lot of parse errors. Any suggestions?

Have a look here:
https://www.elastic.co/guide/en/logstash/current/codec-plugins.html

A typical Logstash config using a codec will look like this (of course, the codecs will be different depending on your requirements).

    input {
      file {
        type => "json"
        path => "/logs/mylogs.log"
        # The codec decodes each entry read from the file as JSON
        codec => "json"
      }
    }
    output {
      file {
        path => "/logs/out.log"
      }
    }

There's plenty of material online on the use of codecs, but to be honest, most are self-explanatory. The only thing you need to be aware of is that the codec is there to "understand" the data and help in filtering and streaming data, so if you have data that doesn't fit the bill for any of the out-of-the-box codecs, then you might have to write your own.

https://www.elastic.co/guide/en/logstash/current/codec-new-plugin.html

hope that helps
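
Added example, not part of the original posts and not Logstash's own code: a stand-alone Ruby sketch of the decode logic a newline-separating codec needs, buffering partial chunks and emitting one event per line instead of one `message` for the whole stream. The class name `NewlineDecoder`, the `MAX_LINE` cap and the CEF-style sample records are assumptions constructed for illustration.

```ruby
# Hypothetical stand-alone decoder; it does not use the Logstash plugin API.
class NewlineDecoder
  MAX_LINE = 64 * 1024 # assumed cap so an unterminated stream cannot grow the buffer forever

  def initialize(delimiter = "\n")
    @delimiter = delimiter
    @buffer = +""
  end

  # Feed one chunk as read from the transport; yields one event hash per complete line.
  def decode(chunk)
    @buffer << chunk
    while (idx = @buffer.index(@delimiter))
      line = @buffer.slice!(0, idx + @delimiter.length).chomp(@delimiter).chomp("\r")
      yield({ "message" => line }) unless line.empty?
    end
    raise ArgumentError, "line exceeds #{MAX_LINE} bytes" if @buffer.bytesize > MAX_LINE
  end

  # Emit the last record when the stream closes without a trailing newline.
  def flush
    rest = @buffer.chomp("\r")
    @buffer = +""
    yield({ "message" => rest }) unless rest.empty?
  end
end

# Run a list of chunks through the decoder and collect the resulting events.
def decode_all(chunks)
  decoder = NewlineDecoder.new
  events = []
  chunks.each { |c| decoder.decode(c) { |e| events << e } }
  decoder.flush { |e| events << e }
  events
end

# Constructed sample: three records whose boundaries do not align with the chunks.
SAMPLE_CHUNKS = [
  "CEF:0|Vendor|Product|1.0|100|login ok|3|src=10.0.0.1\nCEF:0|Vendor|Prod",
  "uct|1.0|101|login failed|7|src=10.0.0.2\r\n",
  "CEF:0|Vendor|Product|1.0|102|logout|1|src=10.0.0.1"
].freeze

if __FILE__ == $PROGRAM_NAME
  decode_all(SAMPLE_CHUNKS).each { |e| puts e.inspect }
end
```

Each record comes out as its own event even though the second one is split across two chunks and the third has no trailing newline.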
