jordansissel
commented
6 years ago This is not obvious, but your symptoms are an indication that your event has no field "message" -- can you confirm?
Closed elapse2039 closed 6 years ago
jordansissel
commented
6 years ago This is not obvious, but your symptoms are an indication that your event has no field "message" -- can you confirm?
elapse2039
commented
6 years ago Sorry for the delay, errr... yes, message had been removed earlier in the pipeline. Thanks for the hint.
I've seen there are various syntax & examples spanning back a few years and I've tried all varieties on Logstash 6.2.2. Using the latest documentation from Elasticsearch 6.2 this is an extract of the output defn':
file { id => "exp" gzip => true flush_interval => 10 path => "/mnt/hdd2/hdd2/logstash_files/logstash-exp-%{+YYYY-MM-dd}.txt.gz" codec => line { format => "m: %{message}" } }
The file is created but when I unzip it I see every line in the output contain the same: m: %{message}
I would like to know if the documentation for this plugin on Elasticsearch 6.2 is correct then why is message field not ending up in the file? I'd also like to know how to reference other fields in the event and add them to the output line.