Logstash stdout event

elk2 · February 2, 2018, 3:34pm

I want to print some events from log file before upload to elasticsearch on stdout console but I don't know why don't work this conf file for me.

input{
file{
type => "log"
codec => "json"
path => "/var/log/test.log"
start_position => "beginning"
sincedb_path => "/var/test/sincedb/.sincedb_log"
}

filter {

grok {
match => ["message", "%{SYSLOGBASE} %{URIPATH:url}%{GREEDYDATA:datagreedy}"]
}

if "http://google.com" == [url]{
metrics{
meter => "google_events"
add_tag => "google"
}
}
}

output{

if "google" in [tags]{
stdout {
codec => line { format => "count: %{[google_events][count]} - %[message]"
}
}
elasticsearch {
index => "test"
hosts => ["http://localhost:9200"]
}
}

magnusbaeck · February 2, 2018, 6:19pm

How do you know the url field is ever equal to "http://google.com"?

elk2 · February 5, 2018, 11:47am

Only if url field is "http://google.com" I want a google event message on standard output that don't work because %[message] on standard output is empty. Elasticsearch upload is work fine because I upload all events.

magnusbaeck · February 5, 2018, 1:40pm

And what are you getting in ES?

elk2 · February 5, 2018, 2:03pm

All logs uploaded have:
timestamp
source
destination
url
user
message

system · March 5, 2018, 2:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Aggregate filter plugin events not adding to elasticsearch index Logstash	9	1104	August 7, 2019
I don't see my index in index management Logstash	3	256	May 5, 2023
Event not displayed in Kibana, displayed in stdout Logstash	1	701	November 10, 2017
Parsing Syslog to Logstash Logstash	6	489	March 10, 2020
Output events from logstash as plain format Elasticsearch	2	420	July 6, 2017

Logstash stdout event

Related topics