Logstash pipeline indexing error

mr_ph · February 2, 2024, 11:29am

Hi team,

I am using ELK stack 8.12 for observability. I am collecting input data from SNMP plugin and filtering the data as per my requirement but while doing that i have multiple index for multiple events that I am collecting so at this time I am not able to index the data into the elasticsearch. I am creating a field named index with respective name as per the events but at the end that index is becoming like this

"index" => [
[0] "index1",
[1] "index2",
[2] "Index3",
[3] "index4"
like this and my output plugin is like

output {
elasticsearch {
hosts => ["https://elasticsaerch:9200"]
ssl.certificate_authorities : "/certs/cert"
index => "%{index}"
ssl => true
ilm_enabled => true
}
stdout{codec => rubydebug}
}

but in this way i am not able to index the data.

Thanks in advance.

leandrojmp · February 2, 2024, 1:37pm

You need to share your logstash configuration to show how you are creating the index field.

It cannot be an array, so something needs to be changed.

mr_ph · February 12, 2024, 7:26am

Thank you for the response

There has an issue in the filter part. That's why its shown that way.
Issue resolved.
thanks

system · March 11, 2024, 7:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Could Not Index Event to Elasticsearch Error? Elasticsearch	8	38765	December 4, 2017
Logstash not creating new index Logstash	8	448	January 6, 2022
Keep getting this error indexing into Elastic Logstash	7	416	June 25, 2019
Could not index event to Elasticsearch Logstash	5	890	January 12, 2022
[logstash.outputsCould not index event to Elasticsearch."error {"type"=>"mapper_parsing_exception", "reason"=>"object mapping for [host] tried to parse field [host] as object, but found a concrete value" Logstash	4	1134	February 9, 2022

Logstash pipeline indexing error

Related Topics