@yaauie For my setup, Logstash is version 7.16.1 and the Beats and TCP input plugin version are 6.2.3. Following is the latest logstash.conf which still generates the excessive deprecation warning logs. I am assuming, by setting the compatibility at the plugin level, this should override the settings in pipelines.yml or logstash.yml, is that right?
input {
beats {
port => 5044
ecs_compatibility => disabled
ssl => true
ssl_certificate_authorities => ["/<root CA cert location>/logstashRootCA.cert.pem"]
ssl_certificate => "/<cert location>/tls.crt"
ssl_key => "/<cert location>/logstashServer-pkcs8.key"
ssl_verify_mode => "full"
tls_min_version => 1.2
tags => ["beats"]
}
tcp {
port => 5054
ecs_compatibility => disabled
codec => json {
ecs_compatibility => disabled
}
ssl_enable => true
ssl_certificate_authorities => ["/<root CA cert location>/logstashRootCA.cert.pem"]
ssl_cert => "/<cert location>/tls.crt"
ssl_key => "/<cert location>/tls.key"
ssl_verify => false
tags => ["tcp"]
}
}
filter {
}
output {
if "beats" in [tags] {
azure_loganalytics {
customer_id => "${LOG_ANALYTICS_CUST_ID}"
shared_key => "${LOG_ANALYTICS_KEY}"
log_type => "uatonpremapplog"
ecs_compatibility => disabled
}
} else if "tcp" in [tags] {
azure_loganalytics {
customer_id => "${LOG_ANALYTICS_CUST_ID}"
shared_key => "${LOG_ANALYTICS_KEY}"
log_type => "uatapilog"
ecs_compatibility => disabled
}
}
}