Hey,
I use logstash to parse filebeat events and then send these logs to a .txt file
This is my pipeline :
input
{
beats
{
port => 5044
}
}
filter
{
grok
{
match => { "message" => [ "%{WORD:TYPE};%{DATA:ID1};%{NUMBER:ID2};%{GREEDYDATA:DESCRIPTION}" ] }
}
if ([DESCRIPTION] =~ "CODE")
{
grok
{
match => { "DESCRIPTION" => [ "%{NUMBER:CODE_RETOUR}" ] }
}
}
if ([ID2] == "000003")
{
grok
{
match => { "DESCRIPTION" => [ "%{DATA:TEST}/%{WORD:NOM_BATCH}-%{BASE16NUM:DATE_BATCH}-%{GREEDYDATA:reste}" ] }
}
}
if ([TYPE] == "INFO")
{
if ([ID2] != "000003" and [ID2] != "000005")
{
if ([DESCRIPTION] !~ "info BDD" and [DESCRIPTION] !~ "CODE RETOUR")
{
drop { }
}
}
}
date
{
match => [ "DATE_BATCH", "yyyyMMdd" ]
}
}
output
{
# elasticsearch
# {
# hosts => "http://localhost:9200"
# index => "gestapplicationna"
# }
file
{
path => "./test-%{+YYYY-MM-dd}.txt"
codec => {
line {
format => "%{DESCRIPTION}"
}
}
}
}
I want to have only the "DESCRIPTION" field in the created log file but my output section doesn't work. This is the error msg when i try to --config.test_and_exit
[FATAL] 2018-06-14 13:53:13.873 [LogStash::Runner] runner - The given configuration is invalid. Reason: Expected one of #, => at line 53, column 16 (byte 967) after output
{
# elasticsearch
# {
# hosts => "http://localhost:9200"
# index => "gestapplicationna"
# }
file {
path => "./test-%{+YYYY-MM-dd}.txt"
codec => {
line
[ERROR] 2018-06-14 13:53:13.877 [LogStash::Runner] Logstash - java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit
Can somebody help me ?
Thx u