Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
n
Nchen
06/24/2018, 9:51 AMHi all, I am trying to push the query results into elasticsearch using logstash and getting errors.
My logstash cfg is :
input {
file {
path => "/var/log/kolide/osquery_result"
type => "osquery_json"
codec => "json"
}
}
filter {
if [type] == "osquery_json" {
date {
match => [ "unixTime", "UNIX" ]
}
}
}
output {
# if [beat][name] =~ "kolide-fleet"{
stdout {}
elasticsearch {
hosts=> "127.0.0.1:9200"
index => "osquery-result-%{+YYYY.MM.dd}"
}
}
}
error I am getting is :
[2018-06-24T07:30:38,694][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}
[2018-06-24T07:30:38,702][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2018-06-24T07:30:38,965][ERROR][logstash.agent ] Cannot create pipeline {:reason=>"Expected one of #, input, filter, output at line 25, column 1 (byte 398) after "}
Problem solved, upgrade to latest ELK + had {} problem in logstash