Using "fields.type" in logstash 7.6

Atul_Chadha · November 11, 2020, 5:31pm

Upgrading from 5.6 to 7.6, how can i use the "fields.type" in logstash to filter out data and also in output section. We had "type" field earlier configured however i believe its not longer supported now.

input {
  beats {
    port => 5044
  }
  beats {
    port => 5045
  }
}
filter {
  if [fields.type] == "inf_os_logs" {
  grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp}" }
    }
# }
}

output {
  if [type] == "inf_os_logs" {
    elasticsearch {
      hosts => ["XXXXX"]
      #index=> "%{type}"
      index=> "inf_%{[fields][type]}_logs"
      user => "XXXX"
      password => "XXXX"
     }
  }
}

I am able to get the logs fine with the "field.type" correct in elasticsearch however the logstash doesn't seem to like it for some reason and sort of drops it there.

Atul_Chadha · November 17, 2020, 9:26am

Checking if anyone has any ideas ?

Atul_Chadha · November 24, 2020, 2:31pm

For anyone who is struggling like me, i was able to use it this way

if [fields][type] == "string"

system · December 22, 2020, 2:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error in Parsing logs Elasticsearch	2	634	January 11, 2019
Can logstash get the type of field? Logstash	7	8087	July 6, 2017
Can't use type in logstash conf file Logstash	3	438	May 3, 2017
Logstash type vs Elasticsearch type Logstash	1	357	December 6, 2018
Logstash File Input not setting 'type' Logstash	2	1275	July 6, 2017

Using "fields.type" in logstash 7.6

Related topics