Logstash output to file and s3 is different

shazbot · September 19, 2019, 4:49pm

I'm trying to build something that would put logs into s3.

In this case i'm working with netflow and my first step was to just get something out there.

input {
  udp {
    port  => 9995
    codec => netflow
  }
}

output {
   s3{
     access_key_id => "REMOVED"
     secret_access_key => "REMOVED"
     bucket => "REMOVED"
   }
   file {
     path => "/var/log/logstash/test.log"
 }
}

The file output is showing the flows decoded. however the s3 output shows a timestamp, an origin IP and %message, it's allso chunking them up into 5MB files.

Any direction would be appreciated.

Badger · September 19, 2019, 4:53pm

The default codec for a file output is json_lines. The default codec for an s3 output is line. You should set the codec on the s3 output.

shazbot · September 19, 2019, 5:12pm

Hi,
Thank you for the reply. This got me a little further down the road. I really appreciate it.

Just for anyone else who is interested. The output that worked is

output {
   s3{
     access_key_id => "Removed"
     secret_access_key => "Removed"
     bucket => "Removed"
     codec =>  "json_lines"

Topic		Replies	Views
S3 Output Plugin Codec Issue Logstash	1	814	July 6, 2017
Question about s3 output plugin Logstash	5	1136	April 13, 2018
S3 Output Plugin: Correct Way to manage codec Logstash	2	1117	September 20, 2021
Logstash-output-s3 line termination Logstash	3	685	March 5, 2019
Logstash s3 output plugin storing files as .txt instead of .json on s3 Logstash	1	721	August 21, 2020

Logstash output to file and s3 is different

Related topics