theangryangel
commented
5 years ago Enable event as Json doesn’t do what you think it does. You don’t seem to be using its intended purpose, so start off my removing that setting.
Second double check that the fields actually exist in your event. Use the stdout output to confirm you have the serial number field.
After that I’d also double check the nested syntax. When using the %{} notation this is being passed directly to the sprintf function that logstash provides on the event. I’m not able to double check from where I am tonight that it’s definitely correct.
Sent from my iPhone
On 31 May 2019, at 19:11, John-Michael Burke notifications@github.com wrote:
Having this issue on 7.1.1. I have looked at the definition of this flag, event_as_json_keyword, and it looks like this will attempt to do what I have already done with the Json filter in logstash.
My issue: I decode jsons with logstash into a bunch of fields and then would like to send it off to a postgresdb. It seems as though it is not finding these newly generated fields. I have verified this is a valid json and is properly ingested into elasticsearch. As you can see I also am able to use these generated fields to create a new index which is then ingestable by the jdbc output: mutate { add_field => [ "index_name", "%{[MTE][test_station]}" ] }
JDBC Output error message:
JDBC - Exception. Not retrying {:exception=>#<RuntimeError: Invalid Fi eldReference:
%{[MTE][serial_number]}>, :statement=>"IN My logstash config:input { beats { client_inactivity_timeout => 12000000 port => 5044 } } filter { mutate { gsub => [ "message", "\n", "", "message", " ", "" ] }
json { source => "message" } mutate { copy => {"[MTE][timestamp]" => "timestamp"} } mutate { gsub => [ "timestamp", "T", "" ] } date { match => ["timestamp", "YYYYMMddHHmmssZ"] timezone => "UTC" target => "@timestamp" } mutate { remove_field => "timestamp" } mutate { add_field => [ "index_name", "%{[MTE][test_station]}" ] } mutate { lowercase => "index_name" } }
output { elasticsearch { hosts => "elasticsearch:9200" manage_template => true
index => "%{[index_name]}" template => "/usr/share/logstash/logstash-template.json" template_name => "mte_dynamic_template" template_overwrite => true } jdbc { enable_event_as_json_keyword => true connection_string => 'jdbc:postgresql://postgres:5432/postgres' username => 'asdf' password => 'asdf'driver_jar_path=>'/usr/share/logstash/postgres.jar'
statement => [ "INSERT INTO mfg_db (timestamp, test_name, serial_number, test_pass) VALUES(CAST (? as timestamp), ?, ?, ?)", "%{@timestamp}", "%{index_name}", "%{[MTE][serial_number]}" , "%{[MTE][test_pass]}"]}
}
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
john-michaelburke
Having this issue on 7.1.1. I have looked at the definition of this flag, event_as_json_keyword, and it looks like this will attempt to do what I have already done with the Json filter in logstash.
My issue: I decode jsons with logstash into a bunch of fields and then would like to send it off to a postgresdb. It seems as though it is not finding these newly generated fields. I have verified this is a valid json and is properly ingested into elasticsearch. As you can see I also am able to use these generated fields to create a new index which is then ingestable by the jdbc output:
mutate { add_field => [ "index_name", "%{[MTE][test_station]}" ] }JDBC Output error message:
My logstash config: