Hello,
For some reason, I can't seem to figure out why, but whenever we use the tcp input plugin, an addition "port" field gets added to our documents. For example "port": 39750.
Can anyone confirm if this is default behaviour from the tcp input plugin?
We could use filters to remove the field yes, but I would like to confirm if this is behaviour coming from this plugin, as it is no where mentioned in the documentation of:
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-tcp.html
I could also be overlooking something completely and it could be on our end, but has anyone else encountered this?
I also found a possibly related issue here: https://github.com/logstash-plugins/logstash-input-tcp/issues/146
Currently we are running the tcp input plugin with this configuration:
# input plugin configuration
input {
# udp connection for transport
udp {
id => "UDP-INPUT"
host => "0.0.0.0"
port => 19503
codec => "json"
type => "udp"
workers => 5
queue_size => 5000
tags => [ "data-udp" ]
}
# tcp connection for transport
tcp {
id => "TCP-INPUT"
host => "0.0.0.0"
port => 19503
codec => "json_lines"
type => "tcp"
tags => [ "data-tcp" ]
}
}
# output plugin configuration
output {
# handler for the magnum devices
elasticsearch {
id => "ELASTICSEARCH"
index => "device-%{+YYYY.MM.dd}"
hosts => [ "host:9200" ]
codec => "json"
template => "/parasite/applications/configuration/global/mapping/elasticsearch-template-device.json"
template_name => "device-template"
template_overwrite => true
}
}
Logstash version: 7.4.2
Regards