Outputs from logstash somehow are going to the linux syslog file eating into the storage. I will have to delete the syslog file periodically.
How do I stop logstash output from sending to syslog?
What does your config look like?
All my logstash pipeline output is logged to the syslog file.
Below is the output config of all my pipelines. Are there any logstash configurations that will cause this?
output {
if "_grokparsefailure" not in [tags] {
elasticsearch {
hosts => "10.xx.xx.xx"
user => xxxxx
password => xxxxxx
index => "xxxx-%{+YYYY.MM}"
}
}
It it all events that are logged or just the ones with _grokparsefailure? What does the logged entries look like?
All events are logged, including the grokparsefailure ones, the logged entries syslog captured are after the logs being grokked.
Found the cause, one of the pipeline has stdout configured in its output.
Issue resolved once I remove it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.