Using "fields.type" in logstash 7.6

Atul_Chadha · November 11, 2020, 5:31pm

Upgrading from 5.6 to 7.6, how can i use the "fields.type" in logstash to filter out data and also in output section. We had "type" field earlier configured however i believe its not longer supported now.

input {
  beats {
    port => 5044
  }
  beats {
    port => 5045
  }
}
filter {
  if [fields.type] == "inf_os_logs" {
  grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp}" }
    }
# }
}

output {
  if [type] == "inf_os_logs" {
    elasticsearch {
      hosts => ["XXXXX"]
      #index=> "%{type}"
      index=> "inf_%{[fields][type]}_logs"
      user => "XXXX"
      password => "XXXX"
     }
  }
}

I am able to get the logs fine with the "field.type" correct in elasticsearch however the logstash doesn't seem to like it for some reason and sort of drops it there.

Atul_Chadha · November 17, 2020, 9:26am

Checking if anyone has any ideas ?

Atul_Chadha · November 24, 2020, 2:31pm

For anyone who is struggling like me, i was able to use it this way

if [fields][type] == "string"

system · December 22, 2020, 2:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Question about mapping types in 6.X (and next versions) Logstash	3	354	March 21, 2018
Can't use type in logstash conf file Logstash	3	421	May 3, 2017
What is the purpose of type field in Input section Logstash	18	8896	July 6, 2017
Logstash type vs Elasticsearch type Logstash	1	342	December 6, 2018
Logstash6 recommended way of filtering for the future? Logstash	5	864	December 14, 2017

Using "fields.type" in logstash 7.6

Related topics