Using a generated field in a logstash output


I'm trying to create a syslog forwarder in Logstash: read in syslog messages (or format), and output syslog.

Here's the output config:

output {
    stdout { debug => true debug_format => "json"}
    syslog {
        appname => "gulfstream"
        facility => "daemon"
        host => "127.0.0.1"
        port => "514"
        protocol => "tcp"
        severity => "%{severity}"
    }
}

And here's an example log message:

{"@source":"file://ubuntu/etc/nbase/gs-switch-1/g150.log","@tags":[],"@fields":{"severity":["error"],"message":["eb3|9ac47fc nbstub.py:_refresh_socket 5 abxc"]},"@timestamp":"2013-05-14t18:35:13.095z","@source_host":"ubuntu","@source_path":"/etc/nbase/gs-switch-1/g150.log","@message":"e 2013-05-13 16:47:15,1265 eb3|9ac47fc nbstub.py:_refresh_socket 5 abxc","@type":"gs-switch"} 

Note the "@fields":{"severity"} section. I've tried severity => %{@fields.severity} and %{severity}; in both cases I get this error:

invalid setting syslog output plugin:

  output {
    syslog {
      # setting must ["emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug"]
      # expected 1 of ["emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug"], got ["%{@message}"]
      severity => ["%{severity}"]
      ...
    }
  } {:level=>:error}

Can anyone point out what I'm doing wrong?

I don't think the functionality you're seeking is implemented. I can see the need and have added a ticket in. Check here: logstash-1090
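The behaviour behind the error above, as an added Ruby example (not Logstash source and not part of the original question or answer): a config-load check compares the literal string `%{severity}` with the fixed list, while an event-time resolver would expand the field, validate it against the same list, and derive the syslog PRI. All function names, the `notice` fallback, and the facility subset are assumptions made for illustration.

```ruby
# Added illustration; not Logstash code. Every name below is hypothetical.

# Allowed values copied from the error message; index == RFC 3164 severity code.
SEVERITIES = %w[emergency alert critical error warning notice informational debug].freeze
# Assumed subset of RFC 3164 facility codes, enough for the "daemon" setting.
FACILITIES = { "kernel" => 0, "user-level" => 1, "mail" => 2, "daemon" => 3 }.freeze

# Config-load check modelled on the quoted error: the raw setting string is
# compared with the fixed list before any event exists.
def valid_at_config_time?(setting)
  SEVERITIES.include?(setting)
end

# Event-time resolution: expand one "%{field}" reference against @fields.
# The field comes from parsed log content, so it is validated against the
# same list and replaced by a default when it does not match.
def resolve_severity(setting, event, default = "notice")
  name = setting[/\A%\{(.+)\}\z/, 1]
  value = name ? Array(event.fetch("@fields", {})[name]).first : setting
  value = value.to_s.downcase
  SEVERITIES.include?(value) ? value : default
end

# PRI value carried in the syslog header: facility * 8 + severity.
def syslog_pri(facility, severity)
  FACILITIES.fetch(facility) * 8 + SEVERITIES.index(severity)
end

# Constructed events shaped like the sample log message in the question.
GOOD_EVENT = { "@fields" => { "severity" => ["error"], "message" => ["abxc"] } }.freeze
BAD_EVENT  = { "@fields" => { "severity" => ["err0r"] } }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "config-time accepts %{severity}? #{valid_at_config_time?('%{severity}')}"
  [GOOD_EVENT, BAD_EVENT].each do |event|
    sev = resolve_severity("%{severity}", event)
    puts "resolved=#{sev} pri=<#{syslog_pri('daemon', sev)}>"
  end
end
```
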

