Problem with logstash

joce455 · June 26, 2018, 2:08pm

Hi all, I have a problem to start logstash i think that the cause is my logstash.conf,
input {
udp {
port => 5000
codec => json
}
}

filter {
if [docker][image] =~ /^rancher/ or [docker][image] =~ /^bekt/ {
drop { }
}
mutate {
remove_field => [ "stream","tags"]
gsub => ["message", "\u001b", ""]
gsub => ["message", "[[0-9][0-9]m", ""]
gsub => ["message", "[\]", ""]
}
grok {
match => {
"message" => "%{TIMESTAMP_ISO8601:date}](\s\s|\s)%{LOGLEVEL:logtype}: %{GREEDYDATA:header}(:\s|++++:|\s=\s)(%{GREEDYDATA:content}(reqId=%{GREEDYDATA:trasactionId})|%{GREEDYDATA:content})" }
}

split { field => "content" }

if [message] =~ "{"topic":" {
grok {
match => { "message" => "{"topic":%{QS:topic}"}
}
}

}
output {
elasticsearch {
hosts => ["elasticsearch:9200"]
}
stdout { codec => rubydebug }
}

I cant find the mistake, could someone help me please?.

magnusbaeck · June 26, 2018, 2:21pm

Presumably you get an error message when Logstash doesn't start...?

system · July 24, 2018, 2:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.