Wrong Index type set in Logstash


(KMG) #1

Not sure , why my Index_type is set to "json" even I haven't mention this anywhere in my config. Actually, my index_type would be set to "test_log" as per the forwarder config. But here, it set to "json". its weird.

Forwarder config:

"files": [
{
"paths": [
"/var/log/test.log"
],

  "fields": { **"type": "test_log"** }
}

]

Sample Logs:

2015-07-01 05:46:57,747 INFO 123456789 172.20.1.10 test.example.com
2015-07-01 05:46:57,748 INFO 127.0.0.1 - - [01/Jul/2015 05:46:57] "GET /index.html HTTP/1.1" 200 354 0.001234

Logstash Stdout:
{
"message" => "2015-07-01 05:46:57,747 INFO 123456789 172.20.1.10 test.example.com",
"@version" => "1",
"@timestamp" => "2015-07-01T09:47:04.201Z",
"type" => "json",
"file" => "/var/log/test.log",
"host" => "test.example.com",
"offset" => "5766756"
}
{
"message" => "2015-07-01 05:46:57,748 INFO 127.0.0.1 - - [01/Jul/2015 05:46:57] "GET /index.html HTTP/1.1" 200 354 0.001234",
"@version" => "1",
"@timestamp" => "2015-07-01T09:47:04.201Z",
"type" => "json",
"file" => "/var/log/test.log",
"host" => "test.example.com",
"offset" => "5766832"
}


(Magnus B├Ąck) #2

What does Logstash's input block that receives the messages look like?


(KMG) #3

this is my input block in logstash server config

lumberjack {
port => 5043
type => "logs"
ssl_certificate => "/etc/pki/tls/certs/test.example.com.crt"
ssl_key => "/etc/pki/tls/private/test.example.com.key"
}


(system) #4