Type in logstash, logstash type
Types in logstash
- Array
- Boolean
- Bytes
- Codec
- Hash
- Number
- Password
- Path
- String
Array
An array can be a single string value or multiple values. If you specify the same setting multiple times, it appends to the array.
Example:
path => [ "/var/log/messages", "/var/log/*.log" ]path => "/data/mysql/mysql.log"
Boolean
Boolean, true, false
Example:
ssl_enable => true
Bytes
A bytes field is a string field that represents a valid unit of bytes. it is a convenient way to declare specific sizes in your plugin options. both SI (k m g t p e z y) and Binary (Ki Mi Gi Ti Pi Ei Zi Yi) units are supported. binary units are in base-1024 and SI units are in base-1000.
Codec
Format of Input and Output
A codec is the name of Logstash codec used to represent the data. Codecs can be used in both inputs and outputs.
Input codecs provide a convenient way to decode your data before it enters the input. output codecs provide a convenient way to encode your data before it leaves the output. using an input or output codec eliminates the need for a separate filter in your Logstash pipeline.
Example:
codec => "json"
Hash
A hash is a collection of key value pairs specified in the format "field1" => "value1 ".
Hash, key-value pair, enclosed by quotation marks.
Example:
match => { "field1" => "value1" "field2" => "value2" ...}
Password
A password is a string with a single value that is not logged or printed.
Similar to string, not output.
Example:
my_password => "password"
Number
Numbers must be valid numeric values (floating point or integer ).
Example:
my_password => "password"
Path
A path is a string that represents a valid operating system path.
Is the system path
A path is a string that represents a valid operating system path.
String
A string must be a single character sequence. Note that string values are enclosed in quotes.
String, which can be enclosed in quotation marks.
name => "Hello world"
Specific can see the original: http://www.elastic.co/guide/en/logstash/current/configuration.html
After familiarizing yourself with these types, you can better understand other modules.
For example, the add_field of grok requires hash-type parameters, that is, the following format:
filter { grok { add_field => { "foo_%{somefield}" => "Hello world, from %{host}" } }}
Postscript
Logstash is a good project with comprehensive documentation and video. It is worth learning.