Hi,
Reopening for Discussion.
I'm working with Logstash - Syslog Output and I've found a problem with the custom field message. I'm using Elastic Stack 7.10.2.
I've installed logstash syslog-output plugin version 3.0.5.
/usr/share/logstash/bin/logstash-plugin install logstash-output-syslog
Logstash configuration:
output {
  syslog {
    host => "localhost"
    sourcehost => "logstash-other-as1"
    port => 10514
    message => "testing message"
    #message => "%{custom-message}"
    appname => "apptest"
  }
}
I'm storing all received data to Elasticsearch DB to review them. Data (Document in Kibana) looks like:
<13>Jul 13 13:41:11 logstash-other-as1 apptest[-]: 2020-07-13T13:41:11.000Z %{host} %{message}
I was using the same configuration on ES stack 6.3.2 and it worked well.
Does anyone know how to resolve this issue?
It seems there is a workaround for this, given in a filter in the original ticket.
It would be helpful if you could share the piece of code.