stackoom
  简体   繁体   中英

Unable to output fields from logstash to csv

 原文  2017-04-09 17:46:59       csv/ elasticsearch/ logstash/ elastic-stack

Question

I'm trying to send logstash outputs to csv, but the columns are not being written in the file.

This is my logstash configuration: 

input 
{
  http 
  {
    host => "0.0.0.0"
    port => 31311
  }
}

filter 
{

    grok {
          match => { "id" => "%{URIPARAM:id}?"  }
      }

    kv 
    {
        field_split => "&?"
        source => "[headers][request_uri]"
    }
}

output 
{

    stdout { codec => rubydebug }

    csv
    {
        fields => ["de,cd,dl,message,bn,ua"]
        path => "/tmp/logstash-bq/text.csv"
        flush_interval => 0
        csv_options => {"col_sep" => ";" "row_sep" => "\r\n"}
    }


}

This is my input: 

curl -X POST 'http://localhost:31311/?id=9decaf95-20a5-428e-a3ca-50485edb9f9f&uid=1-fg4fuqed-j0hzl5q2&ev=pageview&ed=&v=1&dl=http://dev.xxx.com.br/&rl=http://dev.xxxx.com.br/&ts=1491758180677&de=UTF-8&sr=1600x900...

This is logstash answer: 

{
       "headers" => {
            "http_accept" => "*/*",
           "request_path" => "/",
           "http_version" => "HTTP/1.1",
         "request_method" => "POST",
              "http_host" => "localhost:31311",
            "request_uri" => "/?id=xxx...",
        "http_user_agent" => "curl/7.47.1"
    },
            "de" => "UTF-8",
            "cd" => "24",
            "dl" => "http://dev.xxx.com.br/",
       "message" => "",
            "bn" => "Chrome%2057",
            "ua" => "Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_11_3)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/57.0.2987.133%20Safari/537.36",
            "dt" => "xxxx",
           "uid" => "1-fg4fuqed-j0hzl5q2",
            "ev" => "pageview",
    "@timestamp" => 2017-04-09T17:41:03.083Z,
             "v" => "1",
            "md" => "false",
      "@version" => "1",
          "host" => "0:0:0:0:0:0:0:1",
            "rl" => "http://dev.xxx.com.br/",
            "vp" => "1600x236",
            "id" => "9decaf95-20a5-428e-a3ca-50485edb9f9f",
            "ts" => "1491758180677",
            "sr" => "1600x900"
}
[2017-04-09T14:41:03,137][INFO ][logstash.outputs.csv     ] Opening file {:path=>"/tmp/logstash-bq/text.csv"}

But when I open /tmp/logstash-bq/text.csv I see this: 

 2017-04-09T16:26:17.464Z 127.0.0.1 abc2017-04-09T17:19:19.690Z 0:0:0:0:0:0:0:1 2017-04-09T17:23:12.117Z 0:0:0:0:0:0:0:1 2017-04-09T17:24:08.067Z 0:0:0:0:0:0:0:1 2017-04-09T17:31:39.269Z 0:0:0:0:    0:0:0:1 2017-04-09T17:38:02.624Z 0:0:0:0:0:0:0:1 2017-04-09T17:41:03.083Z 0:0:0:0:0:0:0:1

1 answers

solution1
 0 ACCPTED  2017-04-11 11:22:21

CSV output is bugged for logstash 5.x. I had to install logstash 2.4.1.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Logstash - csv output headers Logstash CSV output plugin In Logstash : Is there a way to create fields directly from the header of CSV files? Unable to Load data from CSV to Elasticsearch using Logstash Unable to load csv file through logstash Logstash - Substring from CSV column How to generate @timestamp in logstash by combining two fields / columns of input csv Scrapy CSV output duplicates fields Quote all fields in CSV output Input data from CSV file to logstash
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM