hello guys,
iam using metric beat as input to log stash and i got output as shown below
{"metricset":{"module":"system","name":"memory","rtt":822},"@timestamp":"2019-01-22T18:45:38.755Z","beat":{"version":"6.5.4","name":"elastic.tdc.com","hostname":"elastic.tdc.com"},"system":{"memory":{"free":13763461120,"total":16559796224,"actual":{"free":14366027776,"used":{"bytes":2193768448,"pct":0.1325}},"used":{"bytes":2796335104,"pct":0.1689},"hugepages":{"free":0,"reserved":0,"total":0,"default_size":2097152,"surplus":0,"used":{"bytes":0,"pct":0}},"swap":{"free":34603003904,"used":{"bytes":0,"pct":0},"total":34603003904}}},"host":{"name":"elastic.tdc.com","architecture":"x86_64","containerized":true,"os":{"version":"6.5 ()","family":"","platform":"oracle"}},"@version":"1","tags":["beats_input_raw_event"]}
how can i send this output to csv and also i need to filter output by fields.here is the config file
input {
beats {
port => 5045
}
}
filter{
kv {
field_split => ":"
}
}
output{
stdout{}
if [[metricset][name]] == "memory" {
csv {
fields=>["[metricset][module]","[metricset][name]","[metricset][rtt]","@timestamp","[beat][version]","[beat][name]","[beat][hostname]","[system][memory][free]","[system][memory][total]","[system][memory][actual][free]","[system][memory][actual][used][bytes]","[system][memory][actual][used][pct]","[system][memory][used][bytes]","[system][memory][used][pct]","[system][memory][hugepages][free]","[system][memory][hugepages][reserved]","[system][memory][hugepages][total]","[system][memory][hugepages][default_size]","[system][memory][hugepages][surplus]","[system][memory][hugepages][used][bytes]","[system][memory][hugepages][used][pct]","[system][memory][swap][free]","[system][memory][swap][used][bytes]","[system][memory][swap][used][pct]","[system][memory][swap][total]","[host][name]","[host][architecture]","[host][containerized]","[host][os][version]","[host][os][family]","[host][os][platform]","[@version]","[tags]"]
path => "/elk/logstash-6.5.1/bin/memory.csv"
}
}
}
iam getting error which is shown below.
Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of [, #, in, not , ==, !=, <=, >=, <, >, =~, !~, and, or, xor, nand, { at line 13, column 23 (byte 125) after output{\n\tstdout{}\n\tif [[metricset][name]", :backtrace=>["/elk/logstash-6.5.1/logstash-core/lib/logstash/compiler.rb:41:in compile_imperative'", "/elk/logstash-6.5.1/logstash-core/lib/logstash/compiler.rb:49:in compile_graph'", "/elk/logstash-6.5.1/logstash-core/lib/logstash/compiler.rb:11:in block in compile_sources'", "org/jruby/RubyArray.java:2486:in map'", "/elk/logstash-6.5.1/logstash-core/lib/logstash/compiler.rb:10:in compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:149:in initialize'", "/elk/logstash-6.5.1/logstash-core/lib/logstash/pipeline.rb:22:in initialize'", "/elk/logstash-6.5.1/logstash-core/lib/logstash/pipeline.rb:90:in initialize'", "/elk/logstash-6.5.1/logstash-core/lib/logstash/pipeline_action/create.rb:42:in block in execute'", "/elk/logstash-6.5.1/logstash-core/lib/logstash/agent.rb:92:in block in exclusive'", "org/jruby/ext/thread/Mutex.java:148:in synchronize'", "/elk/logstash-6.5.1/logstash-core/lib/logstash/agent.rb:92:in exclusive'", "/elk/logstash-6.5.1/logstash-core/lib/logstash/pipeline_action/create.rb:38:in execute'", "/elk/logstash-6.5.1/logstash-core/lib/logstash/agent.rb:317:in block in converge_state'"]}
can anybody help me