Tag: logstash

How to check socket connection?

How to check the socket connection between Filebeat, Logstash and Elasticsearch?

netstat -anp | grep 9200
netstat -anp | grep 5044

a – show all listening and non-listening sockets
n – numerical addresses
p – process ID and name that the socket belongs to

9200 – Elasticsearch port
5044 – Filebeat port

“ESTABLISHED” status is shown for sockets that have an established connection between Logstash and Elasticsearch / Filebeat.

“LISTEN” status is shown for sockets that are listening for incoming connections.

To view the count of sockets, pipe the output to the wc -l command.
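Added example (not from the original post): a plain grep for 9200 also matches ports such as 39200 or a process whose PID is 9200, so this sketch matches the port column exactly and counts sockets per state. The sample lines, addresses, PIDs and function names are constructed for illustration.

```shell
#!/bin/sh
# Summarise TCP socket states for the Elasticsearch (9200) and Beats (5044)
# ports from `netstat -anp` output, matching the port number exactly.

# Constructed sample of `netstat -anp` lines (addresses and PIDs are made up).
sample_netstat() {
cat <<'EOF'
tcp   0  0 0.0.0.0:5044       0.0.0.0:*          LISTEN       2101/java
tcp   0  0 10.0.0.5:5044      10.0.0.7:51234     ESTABLISHED  2101/java
tcp   0  0 10.0.0.5:5044      10.0.0.8:40112     ESTABLISHED  2101/java
tcp   0  0 10.0.0.5:39200     10.0.0.9:443       ESTABLISHED  3300/curl
tcp   0  0 10.0.0.5:48810     10.0.0.6:9200      ESTABLISHED  2101/java
tcp   0  0 10.0.0.5:48812     10.0.0.6:9200      TIME_WAIT    -
tcp   0  0 127.0.0.1:631      0.0.0.0:*          LISTEN       9200/cupsd
EOF
}

# socket_summary PORT: reads netstat lines on stdin and prints "STATE COUNT"
# for TCP sockets whose local or foreign port is exactly PORT.
socket_summary() {
  awk -v port="$1" '
    $1 ~ /^tcp/ {
      # The port is the last ":"-separated element (also works for tcp6).
      n = split($4, l, ":"); m = split($5, f, ":")
      if (l[n] == port || f[m] == port) count[$6]++
    }
    END { for (s in count) print s, count[s] }
  ' | sort
}

# count_state PORT STATE: number of sockets on PORT in STATE (0 if none).
count_state() {
  socket_summary "$1" | awk -v st="$2" '$1 == st { c = $2 } END { print c + 0 }'
}

# Demo on the constructed sample; on a live host use:
#   netstat -anp | socket_summary 9200
for p in 9200 5044; do
  echo "port $p:"
  sample_netstat | socket_summary "$p"
done
```

A LISTEN count of 0 on 5044 means nothing is accepting Beats connections on this host; an ESTABLISHED count of 0 on 9200 means Logstash currently has no open connection to Elasticsearch.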

logstash expression

if EXPRESSION {

} else if EXPRESSION {

} else {

}

EXPRESSION can be a comparison test, boolean logic, etc.

Comparison operators:
equality: ==, !=, <, >, <=, >=
regexp: =~, !~ (checks a pattern on the right against a string value on the left)
inclusion: in, not in

boolean operators:
and, or, nand, xor

unary operator:
!

group with parentheses (…)

Check whether “value” is contained in “tags”:

if "value" in [tags] {
}

Check String Field:

if [myFieldName] =~ /.+/ {
  # exists
}

if [myFieldName] !~ /.+/ {
  # doesn't exist
}

Check Number Field:

if [myFieldName] {
  # exists
}

 

how to test logstash config

How do you test a Logstash config?

$ cat test.config
input {
  stdin { }
}
output {
  stdout {
    codec => rubydebug
  }
}
filter {
  date {
    # Parse the incoming line (month/day/year) into @timestamp
    match => ["message", "MM/dd/YYYY HH.mm.ss"]
  }
}

$ echo '12/28/2016 10.50.11' | /opt/logstash/bin/logstash -f test.config
{
       "message" => "12/28/2016 10.50.11",
      "@version" => "1",
    "@timestamp" => "2016-12-28T10:50:11.000Z",
          "host" => "mydearhost"
}