Logstash pipeline indexing error

mr_ph · February 2, 2024, 11:29am

Hi team,

I am using ELK stack 8.12 for observability. I am collecting input data from SNMP plugin and filtering the data as per my requirement but while doing that i have multiple index for multiple events that I am collecting so at this time I am not able to index the data into the elasticsearch. I am creating a field named index with respective name as per the events but at the end that index is becoming like this

"index" => [
[0] "index1",
[1] "index2",
[2] "Index3",
[3] "index4"
like this and my output plugin is like

output {
elasticsearch {
hosts => ["https://elasticsaerch:9200"]
ssl.certificate_authorities : "/certs/cert"
index => "%{index}"
ssl => true
ilm_enabled => true
}
stdout{codec => rubydebug}
}

but in this way i am not able to index the data.

Thanks in advance.

leandrojmp · February 2, 2024, 1:37pm

You need to share your logstash configuration to show how you are creating the index field.

It cannot be an array, so something needs to be changed.

mr_ph · February 12, 2024, 7:26am

Thank you for the response

There has an issue in the filter part. That's why its shown that way.
Issue resolved.
thanks

system · March 11, 2024, 7:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.