This repository was archived by the owner on Apr 12, 2022. It is now read-only.
This repository was archived by the owner on Apr 12, 2022. It is now read-only.
Logstash created pipeline in Kibana Management doesn't work, while same pipeline work as main #78
Description
Hi I added netflow pipeline in Kibana Management -> Logstash -> Pipelines
input {
udp {
port => 40006
codec => netflow {
versions => [5, 9]
}
type => netflow
}
}
output {
if ( [type] == "netflow" ) {
elasticsearch {
index => "logstash-netflow-%{host}-%{+YYYY.MM.dd}"
hosts => [ 'elasticsearch' ]
user => 'elastic'
password => "${ELASTIC_PASSWORD}"
ssl => true
cacert => '/usr/share/logstash/config/certs/ca/ca.crt'
}
} else {
elasticsearch {
index => "logstash-n-%{type}-%{+YYYY.MM.dd}"
hosts => [ 'elasticsearch' ]
user => 'elastic'
password => "${ELASTIC_PASSWORD}"
ssl => true
cacert => '/usr/share/logstash/config/certs/ca/ca.crt'
}
}
}
and it did not work, but the main
input {
heartbeat {
interval => 5
message => 'Hello from Logstash 💓'
}
}
output {
elasticsearch {
hosts => [ 'elasticsearch' ]
user => 'elastic'
password => "${ELASTIC_PASSWORD}" # read password from logstash.keystore
ssl => true
cacert => '/usr/share/logstash/config/certs/ca/ca.crt'
}
}
pipeline did work perfectly. Then I copied content of my pipeline
to ./config/logstash/pipeline/logstash.conf. Deleted the pipeline I created in Kibana. Did docker-compose up -d
and my pipeline started to work perfectly fine.
What do I need to do to make additional pipelines to work except the main one? Ideally I need to make multiple files ./config/logstash/pipeline/logstash.conf as I want it to be configured just from the docker-compose and avoid as much as possible manual configuration.