Logstash unable to send network logs to Elasticsearch database, but raw data is successfully stored in the system

[WARN ] 2023-08-07 08:45:44.506 [[main]-pipeline-manager] elasticsearch - Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>8}
[INFO ] 2023-08-07 08:45:44.519 [[main]-pipeline-manager] elasticsearch - Not eligible for data streams because config contains one or more settings that are not compatible with data streams: {"index"=>"[@metadata][pipeline]-%{+YYYY.MM.dd}"}
[INFO ] 2023-08-07 08:45:44.519 [[main]-pipeline-manager] elasticsearch - Data streams auto configuration (data_stream => auto or unset) resolved to false
[INFO ] 2023-08-07 08:45:44.536 [Ruby-0-Thread-11: /usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-output-elasticsearch-11.15.9-java/lib/logstash/plugin_mixins/elasticsearch/common.rb:160] elasticsearch - Using a default mapping template {:es_version=>8, :ecs_compatibility=>:v8}
[INFO ] 2023-08-07 08:45:44.548 [[main]-pipeline-manager] javapipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["/etc/logstash/conf.d/test2.conf"], :thread=>"#<Thread:0x4ac9cea7@/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[INFO ] 2023-08-07 08:45:45.302 [[main]-pipeline-manager] javapipeline - Pipeline Java execution initialization time {"seconds"=>0.75}
[INFO ] 2023-08-07 08:45:45.308 [[main]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"main"}
[INFO ] 2023-08-07 08:45:45.316 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}
[INFO ] 2023-08-07 08:45:45.367 [[main]<udp] udp - Starting UDP listener {:address=>"0.0.0.0:9006"}
[INFO ] 2023-08-07 08:45:45.377 [[main]<udp] udp - UDP listener started {:address=>"0.0.0.0:9006", :receive_buffer_bytes=>"106496", :queue_size=>"2000"}
[INFO ] 2023-08-07 08:45:45.771 [[main]>worker2] file - Opening file {:path=>"/var/data/logs-2023.08.07.json"

Logstash_configuration
input {
  udp {
    port => 9006
    codec => cef {}
    type => syslog
    tags => ["name"]
  }
}
output {
  if [@metadata][pipeline] {
    elasticsearch {
      hosts => ["https://192.168.1.152:9200"]
      ssl => true
      pipeline => "%{[@metadata][pipeline]}"
      ssl_certificate_verification => false
      user => "elastic"
      password => "password"
      cacert => "/usr/share/elasticsearch/ca/ca.crt"
      index => "[@metadata][pipeline]-%{+YYYY.MM.dd}"
    }
  }
  file {
    path => "/var/data/logs-%{+YYYY.MM.dd}.json"
  }
}

What makes you think [@metadata][pipeline] is not nil?
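
If `[@metadata][pipeline]` is nil, as the reply above asks, the conditional skips the elasticsearch output and only the file output runs, which matches the symptom in the question. The following is an added example (not the poster's config and not Elastic's own) that prints `@metadata` to confirm this, gives events without the field an `else` route, uses `%{...}` syntax for the field in `index`, and turns certificate verification on so that `cacert` is actually used. The `cef-` index prefix and the `ES_PWD` variable name are assumptions.

```logstash
# Added example, not the original poster's configuration.
input {
  udp {
    port  => 9006
    codec => cef {}
    type  => "syslog"
    tags  => ["name"]
  }
}
output {
  # Temporary debug output: metadata => true prints [@metadata], hidden by default.
  stdout { codec => rubydebug { metadata => true } }

  if [@metadata][pipeline] {
    # Taken only when something upstream has set the field.
    elasticsearch {
      hosts    => ["https://192.168.1.152:9200"]
      ssl      => true
      cacert   => "/usr/share/elasticsearch/ca/ca.crt"
      # Verify the server certificate against cacert; the certificate must
      # list 192.168.1.152 as a subject alternative name.
      ssl_certificate_verification => true
      user     => "elastic"
      # ES_PWD is an assumed keystore or environment variable name.
      password => "${ES_PWD}"
      pipeline => "%{[@metadata][pipeline]}"
      # A field reference inside index needs sprintf syntax: %{[field]}.
      index    => "%{[@metadata][pipeline]}-%{+YYYY.MM.dd}"
    }
  } else {
    # Events without the field (the case the reply points at) are still indexed.
    elasticsearch {
      hosts    => ["https://192.168.1.152:9200"]
      ssl      => true
      cacert   => "/usr/share/elasticsearch/ca/ca.crt"
      ssl_certificate_verification => true
      user     => "elastic"
      password => "${ES_PWD}"
      # "cef-" is an assumed index prefix.
      index    => "cef-%{+YYYY.MM.dd}"
    }
  }
  file {
    path => "/var/data/logs-%{+YYYY.MM.dd}.json"
  }
}
```

Remove the `stdout` output once the contents of `@metadata` have been checked.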
