TCP input plugin generate additional port field


For some reason, I can't seem to figure out why, but whenever we use the tcp input plugin, an addition "port" field gets added to our documents. For example "port": 39750.
Can anyone confirm if this is default behaviour from the tcp input plugin?
We could use filters to remove the field yes, but I would like to confirm if this is behaviour coming from this plugin, as it is no where mentioned in the documentation of:

I could also be overlooking something completely and it could be on our end, but has anyone else encountered this?

I also found a possibly related issue here:

Currently we are running the tcp input plugin with this configuration:

# input plugin configuration
input {

   # udp connection for transport
   udp {
      id         => "UDP-INPUT"
      host       => ""
      port       => 19503
      codec      => "json"
      type       => "udp"
      workers    => 5
      queue_size => 5000
      tags       => [ "data-udp" ]

   # tcp connection for transport
   tcp {
      id         => "TCP-INPUT"
      host       => ""
      port       => 19503
      codec      => "json_lines"
      type       => "tcp"
      tags       => [ "data-tcp" ]
# output plugin configuration
output {
    # handler for the magnum devices
    elasticsearch {
        id                 => "ELASTICSEARCH"
        index              => "device-%{+YYYY.MM.dd}"
        hosts              => [ "host:9200" ]
        codec              => "json"
        template           => "/parasite/applications/configuration/global/mapping/elasticsearch-template-device.json"
        template_name      => "device-template"
        template_overwrite => true

Logstash version: 7.4.2



Thanks the source code helps alot too, much appreciated.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.