Types in logstash
Type array boolean bytes codec hash number password path stringarray in logstash
An array can be a single string value or multiple values. If you specify the same setting multiple times, it appends to the array.
Example:
path => [ "/var/log/messages", "/var/log/*.log" ]path => "/data/mysql/mysql.log"
boolean
Boolean, true, false
Example:
ssl_enable => true
bytes
A bytes field is a string field that represents a valid unit of bytes. It is a convenient way to declare specific sizes in your plugin options. Both SI (k M G T P E Z Y) and Binary (Ki Mi Gi Ti Pi Ei Zi Yi) units are supported. Binary units are in base-1024 and SI units are in base-1000.
codec
Format of Input and Output
A codec is the name of Logstash codec used to represent the data. Codecs can be used in both inputs and outputs.
Input codecs provide a convenient way to decode your data before it enters the input. Output codecs provide a convenient way to encode your data before it leaves the output. Using an input or output codec eliminates the need for a separate filter in your Logstash pipeline.
Example:
codec => "json"
hash
A hash is a collection of key value pairs specified in the format "field1" => "value1 ".
Hash, key-value pair, enclosed by quotation marks.
Example:
match => { "field1" => "value1" "field2" => "value2" ...}
password
A password is a string with a single value that is not logged or printed.
Similar to string, not output.
Example:
my_password => "password"
number
Numbers must be valid numeric values (floating point or integer).
example:
my_password => "password"
Path
A path is a string that represents a valid operating system path.
Is the system path
A path is a string that represents a valid operating system path.
string
A string must be a single character sequence. Note that string values are enclosed in quotes.
String, which can be enclosed in quotation marks.
name => "Hello world"
Specific can see the original: http://www.elastic.co/guide/en/logstash/current/configuration.html
After familiarizing yourself with these types, you can better understand other modules.
For example, the add_field of grok requires hash-type parameters, that is, the following format:
filter { grok { add_field => { "foo_%{somefield}" => "Hello world, from %{host}" } }}
Postscript
Logstash is a good project with comprehensive documentation and video. It is worth learning.