问题
could please someone explain to me, why logstash keeps ignoring "codec => plain => format" setting, I am trying to set?
Cfg file I am using:
input {
gelf {
host => "[some ip]"
port => 12201
}
}
output {
elasticsearch {
host => "[some ip]"
bind_port => "9301"
}
file {
codec => plain {
format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
}
path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
}
}
I thought I used the wrong format, tried different combinations like "%{time}" for fields and even tried to use constant text like:
codec => plain {format => "Simple line"}
But nothing seems to work. It outputs to the elasticsearch fine, create folder/files, but outputs it as JSON.
If anyone knows what is going on with it, please help. Thanks.
回答1:
file has a message_format parameter that is what you'll want to use:
file {
message_format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
}
回答2:
Parameter message_format is deprecated and will be remove in future relases of Logstash. Instead of using message_format try something like this:
file {
codec => line {
format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
}
path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
}
PS: your example using codec plain, try my with line.
来源:https://stackoverflow.com/questions/29782888/logstash-output-to-file-and-ignores-codec