Logstash stdout event

elk2 · February 2, 2018, 3:34pm

I want to print some events from log file before upload to elasticsearch on stdout console but I don't know why don't work this conf file for me.

input{
file{
type => "log"
codec => "json"
path => "/var/log/test.log"
start_position => "beginning"
sincedb_path => "/var/test/sincedb/.sincedb_log"
}

filter {

grok {
match => ["message", "%{SYSLOGBASE} %{URIPATH:url}%{GREEDYDATA:datagreedy}"]
}

if "http://google.com" == [url]{
metrics{
meter => "google_events"
add_tag => "google"
}
}
}

output{

if "google" in [tags]{
stdout {
codec => line { format => "count: %{[google_events][count]} - %[message]"
}
}
elasticsearch {
index => "test"
hosts => ["http://localhost:9200"]
}
}

magnusbaeck · February 2, 2018, 6:19pm

How do you know the url field is ever equal to "http://google.com"?

elk2 · February 5, 2018, 11:47am

Only if url field is "http://google.com" I want a google event message on standard output that don't work because %[message] on standard output is empty. Elasticsearch upload is work fine because I upload all events.

magnusbaeck · February 5, 2018, 1:40pm

And what are you getting in ES?

elk2 · February 5, 2018, 2:03pm

All logs uploaded have:
timestamp
source
destination
url
user
message

system · March 5, 2018, 2:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.