Logstash output to file and ignore codec

Question

Logstash output to file and ignore codec

may someone like to explain to me why logstash continues to ignore the parameter "codec => plain => format", I'm trying to set?

Cfg file that I use:

 input {
        gelf {
                host => "[some ip]"
                port => 12201
        }
}

output {
        elasticsearch {
                host => "[some ip]"
                bind_port => "9301"
        }

        file {
                codec => plain {
                        format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
                }
                path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
        }
}

I thought I used the wrong format, tried different combinations, such as "% {time}" for the fields, and even tried using constant text, for example:

codec => plain {format => "Simple line"}

But nothing works. It tones the elishesearch, creates the folder / files, but outputs it as JSON.

If someone knows what is happening to him, please help. Thank.

+6

file output logstash

user1946099 Apr 21 '15 at 20:51

source share

2 answers

message_format Logstash. message_format - :

file {
  codec => line {
    format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
  }
  path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
}

PS: plain, line.

+8

Rohlik 01 . '16 11:16

Alcanzar · Accepted Answer · 2015-04-22T13:15:35+0000

filehas the parameter message_formatyou want to use:

file {
  message_format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
  path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
}

Logstash output to file and ignore codec

More articles: