Logstash unable to send network log to elastic search database but raw data successfully store in system

Kiran_K · August 7, 2023, 8:49am

[WARN ] 2023-08-07 08:45:44.506 [[main]-pipeline-manager] elasticsearch - Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>8}
[INFO ] 2023-08-07 08:45:44.519 [[main]-pipeline-manager] elasticsearch - Not eligible for data streams because config contains one or more settings that are not compatible with data streams: {"index"=>"[@metadata][pipeline]-%{+YYYY.MM.dd}"}
[INFO ] 2023-08-07 08:45:44.519 [[main]-pipeline-manager] elasticsearch - Data streams auto configuration (data_stream => auto or unset) resolved to false
[INFO ] 2023-08-07 08:45:44.536 [Ruby-0-Thread-11: /usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-output-elasticsearch-11.15.9-java/lib/logstash/plugin_mixins/elasticsearch/common.rb:160] elasticsearch - Using a default mapping template {:es_version=>8, :ecs_compatibility=>:v8}
[INFO ] 2023-08-07 08:45:44.548 [[main]-pipeline-manager] javapipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["/etc/logstash/conf.d/test2.conf"], :thread=>"#<Thread:0x4ac9cea7@/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[INFO ] 2023-08-07 08:45:45.302 [[main]-pipeline-manager] javapipeline - Pipeline Java execution initialization time {"seconds"=>0.75}
[INFO ] 2023-08-07 08:45:45.308 [[main]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"main"}
[INFO ] 2023-08-07 08:45:45.316 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}
[INFO ] 2023-08-07 08:45:45.367 [[main]<udp] udp - Starting UDP listener {:address=>"0.0.0.0:9006"}
[INFO ] 2023-08-07 08:45:45.377 [[main]<udp] udp - UDP listener started {:address=>"0.0.0.0:9006", :receive_buffer_bytes=>"106496", :queue_size=>"2000"}
[INFO ] 2023-08-07 08:45:45.771 [[main]>worker2] file - Opening file {:path=>"/var/data/logs-2023.08.07.json"

Logstash_configuartion
input {
udp {
port => 9006
codec => cef {}
type => syslog
tags => ["name"]
}
}
output {
if [@metadata][pipeline] {
elasticsearch {
hosts => ["https://192.168.1.152:9200"]
ssl => true
pipeline => "%{[@metadata][pipeline]}"
ssl_certificate_verification => false
user => "elastic"
password => "password"
cacert => "/usr/share/elasticsearch/ca/ca.crt"
index => "[@metadata][pipeline]-%{+YYYY.MM.dd}"
}
}
file {
path => "/var/data/logs-%{+YYYY.MM.dd}.json"
}
}

Badger · August 7, 2023, 5:22pm

What makes you think [@metadata][pipeline] is not nil?

system · September 4, 2023, 5:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash output to elasticsearch - open distro for elasticsearch Logstash	3	1431	November 19, 2020
Hi All, I am facing the issue, Not eligible for data streams because config contains one or more settings that are not compatible with data streams: {"index"=>"info_apim_event"} Logstash docker	9	263	April 1, 2024
Logstash cant start the pipeline in the conf.d file Logstash	10	519	June 5, 2022
Logstash logging problem Logstash	16	608	May 22, 2019
Not eligible for data streams because config contains one or more settings that are not compatible with data streams Logstash ilm-index-lifecycle-management	5	6709	August 2, 2023

Logstash unable to send network log to elastic search database but raw data successfully store in system

Related Topics