Question
I have the following configuration file. But when I run this, I get the timestamp changed in the terminal but the log is not shipped to ElasticSearch.
Here is the configuration file:
https://stackoverflow.com/questions/16525088
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianinput {
stdin {
type => "stdin-type"
}
}
filter {
grok {
type => "stdin-type"
patterns_dir=>["./patterns"]
pattern => "%{PARSE_ERROR}"
add_tag=>"%{type1},%{type2},%{slave},ERR_SYSTEM"
}
mutate
{
type=>"stdin-type"
replace => ["@message", "%{message}" ]
replace =>["@timestamp","2013-05-09T05:19:16.876Z"]
}
}
output {
stdout { debug => true debug_format => "json"}
elasticsearch
{
}
}
On removing the replace line, the log gets shipped. Where am I going wrong?
Solution
Run logstash with the verbose flags, and then check your logstash log for any output. In verbose mode, the logstash process usually confirms if the message was sent off to ES or why it wasn't.
Your config looks clean...if the verbose flags don't give you any meaningful output, then you should check your ES setup.
OTHER TIPS
Try the second 'replace' in a second mutate code block.
mutate
{
type=>"stdin-type"
replace => ["@message", "%{message}" ]
}
mutate
{
type=>"stdin-type"
replace =>["@timestamp","2013-05-09T05:19:16.876Z"]
}
