Logstash - Syslog Output - Custom message

Nandhini_Viswanathan · May 16, 2023, 4:18pm

Hi,
I'm I working with Logstash - Syslog Output and I've found ~~out~~ problem with ~~setting~~ custom field message. I'm using Elasticstack 7.8.0.

I've installed logstash syslog-output plugin.

/usr/share/logstash/bin/logstash-plugin install logstash-output-syslog

Logstash configuration:

 output {
    syslog {
        host => "localhost"
        sourcehost => "logstash-other-as1"
        port => 10514
        protocol => "tcp"
        message => "testing message"
        #message => "%{custom-message}"
        appname => "apptest"
      }
}

I'm storing all received data to Elasticsearch DB to review them. Data (Document in Kibana) looks like:

<13>Jul 13 13:41:11 logstash-other-as1 apptestopttest[-]: 2020-07-13T13:41:11.000Z %{host} %{message}

I was using the same configuration on ES stack 6.3.2 and it worked well~~worked~~.
Does anyone know how to resolve this issue?