1. Output Plugin Overview
Output is the final stage of Logstash pipeline, responsible for outputting processed data to target system.
2. stdout Output
2.1 rubydebug codec
output {
stdout {
codec => rubydebug
}
}
2.2 Usage
- Debug verification
- Local development debugging
3. file Output
3.1 Basic Config
output {
file {
path => "/var/log/logstash/%{type}-%{+YYYY.MM.dd}.log"
}
}
3.2 Dynamic Path Template
| Variable | Description |
|---|
%{+YYYY.MM.dd} | Time format |
%{type} | Event type |
%{host} | Hostname |
4. Elasticsearch Output
4.1 Basic Config
output {
elasticsearch {
hosts => ["es1:9200", "es2:9200"]
index => "logstash-%{type}-%{+YYYY.MM.dd}"
}
}
4.2 Batch Submit
elasticsearch {
hosts => ["es:9200"]
manage_template => false
index => "my-index"
document_type => "_doc"
}
4.3 Retry Mechanism
- Default retry 3 times
- Can configure
retry_max_items
5. Advanced Features
5.1 Load Balancing
output {
elasticsearch {
hosts => ["es1:9200", "es2:9200", "es3:9200"]
}
}
5.2 Conditional Routing
output {
if [type] == "nginx" {
elasticsearch {
hosts => ["es:9200"]
index => "nginx-%{+YYYY.MM.dd}"
}
} else if [type] == "app" {
elasticsearch {
hosts => ["es:9200"]
index => "app-%{+YYYY.MM.dd}"
}
}
}
5.3 Multi-output Parallel
output {
stdout { codec => rubydebug }
file {
path => "/var/log/archive/%{+YYYY.MM.dd}.log"
}
}
6. Common Issues
| Issue | Cause | Solution |
|---|
| Slow data write | Small bulk size | Increase flush_size |
| Write failure | ES unreachable | Check network/ES status |
| Index template conflict | manage_template=true | Set to false |
7. Summary
- stdout for debugging
- file for archiving
- Elasticsearch for search and analysis
- Conditional routing implements data shunting
