Hello Fellow Logstash users.
I have just started to use ELK and am impressed with it. I am trying to propose a project to my senior management. However i am getting a problem in trying to upload the data in appropriate fields - Fields are getting created but they are all strings. I understand that i need to use Mutate - Convert in my log.
PLEASE apologize me if it is a silly mistake. Could some one who has more experience point out my mistake and unblock me.
I am getting error as
D:\logstash-2.1.0\bin>logstash -f Logstash1.conf --configtest
io/console not supported; tty will not be manipulated
Error: Expected one of #, => at line 19, column 3 (byte 430) after filter {
csv {
columns => ["@timestamp", "logtype", "Machinename","Threads","CPUUtilizationPercent", "MemoryUtilizationPercent" ,"EthernetSentKbps" ,"EthernetReceivedKbps"]
mutate
My data is in CSV and .log files
My Config file is as follows.
input {
stdin { }
file {
path => "d:\perfmon.csv"
type => "csv"
start_position => "beginning"
}
file {
path => "D:\logs\service*.log"
type => "\t"
start_position => "beginning"
}
}
filter {
csv {
columns => ["@timestamp", "logtype", "Machinename","Threads","CPUUtilizationPercent", "MemoryUtilizationPercent" ,"EthernetSentKbps" ,"EthernetReceivedKbps"]
mutate
{
convert => [ "Threads", "integer" ]
convert => [ "CPUUtilizationPercent", "integer" ]
convert => [ "MemoryUtilizationPercent", "float" ]
convert => [ "EthernetSentKbps", "float" ]
convert => [ "EthernetReceivedKbps", "float" ]
add_field => {
"logsource" => "%{logsource}"
"method" => "%{method}"
}
}
separator => ","
}
if "log" in [tags] {
// Need to define the Log fields and the Format for specific fields.
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
}