Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

logstash configurationo filters #47

Open
cpapidas opened this issue Nov 5, 2017 · 8 comments
Open

logstash configurationo filters #47

cpapidas opened this issue Nov 5, 2017 · 8 comments
Labels
docs help wanted

Comments

@cpapidas
Copy link

cpapidas commented Nov 5, 2017
edited
Loading

I think is good to create a wiki to tell how to configure the logstash config files according to your filters and the current format.
@boaz0 boaz0 added the docs label Nov 5, 2017
@boaz0
Copy link
Member

boaz0 commented Nov 5, 2017

@cpapidas that's a good idea.
I will try to work on it in the following days but feel free to take it and if you would like.

@boaz0 boaz0 added the claimed label Nov 21, 2017
@boaz0
Copy link
Member

boaz0 commented Oct 30, 2018

reopening - maybe somebody else would like to work on it.

@boaz0 boaz0 reopened this Oct 30, 2018
@HedgeHao
Copy link

HedgeHao commented Mar 2, 2020

Can anyone provide the filter config file? As a newbie for Logstash, I can't make it work. Thanks.

@boaz0
Copy link
Member

boaz0 commented Mar 2, 2020

Hi @HedgeHao 👋
What are you struggling with? Can you elaborate more what exactly you/re trying to do?

Thanks.

@HedgeHao
Copy link

HedgeHao commented Mar 2, 2020

I use the example code trying to send the log to Logstash and got this response:

[2020-03-02T08:39:11,571][WARN ][logstash.filters.json    ][main] Error parsing json {:source=>"message", :raw=>"Hello World!", :exception=>#<LogStash::Json::ParserError: Unrecognized token 'Hello': was expecting ('true', 'false' or 'null')
 at [Source: (byte[])"Hello World!"; line: 1, column: 7]>}

It did connect to Logstash so I thought the problem might be in the config file. Here's my logstash.conf

input {
	tcp {
	    port => 5000
             codec => json
	}
}

filter {
    json {
        source => "message"
    }
}

output {
	elasticsearch {
		hosts => "elasticsearch:9200"
		user => "elastic"
		password => "changeme"
	}
}

@boaz0
Copy link
Member

boaz0 commented Mar 2, 2020

Thanks.
Can you specify Logstash version?

@HedgeHao
Copy link

HedgeHao commented Mar 2, 2020
edited
Loading

Thanks.
Can you specify Logstash version?

Thanks @boaz0. It's Logstash 7.6.0. After some studies. I realize I misunderstand how Logstash works. The problem I have is on Logstash not this package.

For thoses who don't know yet. Logstash simply receive anything you send to it. For the example code to work, logstash.conf only needs

input {
	tcp {
		port => 5000
		codec => "json"
	}
}

Then you need to config Logstash (e.g. use filter) to tell him what to do after receiving data (or don't do anything just pass through the data)

@boaz0
Copy link
Member

boaz0 commented Mar 2, 2020

Cool, I guess this repository does need to invest on documentation, though.
Thanks for looking into it.

@boaz0 boaz0 removed the claimed label Jun 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docs help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@boaz0 @cpapidas @HedgeHao