Wrong Index type set in Logstash

gugansankar · July 1, 2015, 10:17am

Not sure , why my Index_type is set to "json" even I haven't mention this anywhere in my config. Actually, my index_type would be set to "test_log" as per the forwarder config. But here, it set to "json". its weird.

Forwarder config:

"files": [
{
"paths": [
"/var/log/test.log"
],

  "fields": { **"type": "test_log"** }
}

]

Sample Logs:

2015-07-01 05:46:57,747 INFO 123456789 172.20.1.10 test.example.com
2015-07-01 05:46:57,748 INFO 127.0.0.1 - - [01/Jul/2015 05:46:57] "GET /index.html HTTP/1.1" 200 354 0.001234

Logstash Stdout:
{
"message" => "2015-07-01 05:46:57,747 INFO 123456789 172.20.1.10 test.example.com",
"@version" => "1",
"@timestamp" => "2015-07-01T09:47:04.201Z",
"type" => "json",
"file" => "/var/log/test.log",
"host" => "test.example.com",
"offset" => "5766756"
}
{
"message" => "2015-07-01 05:46:57,748 INFO 127.0.0.1 - - [01/Jul/2015 05:46:57] "GET /index.html HTTP/1.1" 200 354 0.001234",
"@version" => "1",
"@timestamp" => "2015-07-01T09:47:04.201Z",
"type" => "json",
"file" => "/var/log/test.log",
"host" => "test.example.com",
"offset" => "5766832"
}

magnusbaeck · July 1, 2015, 10:27am

What does Logstash's input block that receives the messages look like?

gugansankar · July 1, 2015, 10:44am

this is my input block in logstash server config

lumberjack {
port => 5043
type => "logs"
ssl_certificate => "/etc/pki/tls/certs/test.example.com.crt"
ssl_key => "/etc/pki/tls/private/test.example.com.key"
}

Topic		Replies	Views
Incorrect type of field in index from Logstash, why? Logstash	9	425	March 17, 2021
How could I set index & type at logstash? Logstash	5	85328	July 6, 2017
Change default Logstash Document Type Logstash	2	1097	July 6, 2017
How to config Logstash to set custom type Logstash	5	4338	July 6, 2017
Logstash how to set field index type from json input Logstash	3	823	December 6, 2017

Wrong Index type set in Logstash

Related topics