-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
Major
-
Component/s: logstash-plugin
-
None
The wiki's example payload shows a "result" field, but it's not in the output for any of mine.
https://wiki.jenkins.io/display/JENKINS/Logstash+Plugin
payload formatted with logstash (final redacted JSON payload attached `a`):
# Pipeline: receive syslog-framed "@cee:" JSON events over UDP, parse them,
# and index them into Elasticsearch.

input {
  # No `host` is set, so the udp input's default bind address applies
  # (all interfaces, unless overridden elsewhere). UDP has no sender
  # authentication: anything that can reach port 5555 can submit events.
  # NOTE(review): restrict reachability with a bind address or firewall rule.
  udp {
    port => 5555
    type => "cee"
  }
}

filter {
  if [type] == "cee" {
    # Split the RFC 5424-style header into fields and capture everything
    # after "@cee: " as syslog_message. add_tag only runs on a successful match.
    grok {
      match => {
        "message" => "<%{NONNEGINT:syslog_pri}>%{NONNEGINT:version}%{SPACE}(?:-|%{TIMESTAMP_ISO8601:syslog_timestamp})%{SPACE}(?:-|%{IPORHOST:hostname})%{SPACE}(?:%{SYSLOG5424PRINTASCII:program}|-)%{SPACE}(?:-|%{SYSLOG5424PRINTASCII:process_id})%{SPACE}(?:-|%{SYSLOG5424PRINTASCII:message_id})%{SPACE}(?:-|(?<structured_data>(\[.*?[^\\]\])+))(?:%{SPACE}@cee: %{GREEDYDATA:syslog_message}|)"
      }
      # The tag value comes straight from the sender-supplied program name.
      add_tag => ["%{program}"]
    }

    mutate {
      replace => { "@source" => "ecs" }
    }

    # Parse the JSON payload in place. Because `target` is syslog_message,
    # decoded keys stay nested under that field rather than being merged
    # into the top level of the event.
    json {
      source => "syslog_message"
      target => "syslog_message"
    }

    # Default the class used in the index name below when nothing set it.
    if ![fields][class] {
      mutate {
        add_field => { "[fields][class]" => "jenkins" }
      }
    }
  }
}

output {
  elasticsearch {
    # ${VAR:default} takes the environment value and falls back to the
    # text after the colon when the variable is unset.
    hosts => ["${ELASTICSEARCH_HOST:localhost}:${ELASTICSEARCH_PORT:9200}"]
    # TLS is enabled; no CA file or verification setting appears here, so
    # certificate checking relies on the plugin's defaults.
    ssl => true
    # In the filters shown, only the add_field above populates [fields][class].
    index => "%{[fields][class]}-%{+YYYY.MM.dd}"
    # NOTE(review): with both variables unset this authenticates as
    # elastic/changeme, a widely known default pair. Prefer no fallback
    # (so startup fails when the variable is missing) or the Logstash keystore.
    user => "${ELASTICSEARCH_USER:elastic}"
    password => "${ELASTICSEARCH_PASSWORD:changeme}"
  }
}