Logstash output to file and s3 is different

shazbot · September 19, 2019, 4:49pm

I'm trying to build something that would put logs into s3.

In this case i'm working with netflow and my first step was to just get something out there.

input {
  udp {
    port  => 9995
    codec => netflow
  }
}

output {
   s3{
     access_key_id => "REMOVED"
     secret_access_key => "REMOVED"
     bucket => "REMOVED"
   }
   file {
     path => "/var/log/logstash/test.log"
 }
}

The file output is showing the flows decoded. however the s3 output shows a timestamp, an origin IP and %message, it's allso chunking them up into 5MB files.

Any direction would be appreciated.

Badger · September 19, 2019, 4:53pm

The default codec for a file output is json_lines. The default codec for an s3 output is line. You should set the codec on the s3 output.

shazbot · September 19, 2019, 5:12pm

Hi,
Thank you for the reply. This got me a little further down the road. I really appreciate it.

Just for anyone else who is interested. The output that worked is

output {
   s3{
     access_key_id => "Removed"
     secret_access_key => "Removed"
     bucket => "Removed"
     codec =>  "json_lines"

system · October 17, 2019, 5:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash-output-s3 line termination Logstash	3	639	March 5, 2019
S3 Output Plugin: Correct Way to manage codec Logstash	2	947	September 20, 2021
S3 output plugin generates invalid json Logstash	2	527	June 16, 2020
Logstash s3 output plugin storing files as .txt instead of .json on s3 Logstash	1	681	August 21, 2020
How to disable all formatting/processing done by logstash Logstash	6	466	September 22, 2020

Logstash output to file and s3 is different

Related Topics