IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« email file »
Elastic Docs Logstash Reference [5.1] Output plugins

exec

edit

exec

edit
  • Version: 3.1.0
  • Released on: 2016-12-06
  • Changelog
  • Compatible: 5.1.1.1, 5.0.0, 2.4.1, 2.4.0, 2.3.4

This plugin does not ship with Logstash by default, but it is easy to install by running bin/logstash-plugin install logstash-output-exec.

The exec output will run a command for each event received. Ruby’s system() function will be used, i.e. the command string will be passed to a shell. You can use %{name} and other dynamic strings in the command to pass select fields from the event to the child process. Example:

    output {
      if [type] == "abuse" {
        exec {
          command => "iptables -A INPUT -s %{clientip} -j DROP"
        }
      }
    }

If you want it non-blocking you should use & or dtach or other such techniques. There is no timeout for the commands being run so misbehaving commands could otherwise stall the Logstash pipeline indefinitely.

Exercise great caution with %{name} field placeholders. The contents of the field will be included verbatim without any sanitization, i.e. any shell metacharacters from the field values will be passed straight to the shell.

 

Synopsis

edit

This plugin supports the following configuration options:

Required configuration options:

exec {
    command => ...
}

Available configuration options:

Setting Input type Required Default value

codec

codec

No

"plain"

command

string

Yes

enable_metric

boolean

No

true

id

string

No

quiet

boolean

No

false

workers

<<,>>

No

1

Details

edit

 

codec

edit
  • Value type is codec
  • Default value is "plain"

The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output, without needing a separate filter in your Logstash pipeline.

command

edit
  • This is a required setting.
  • Value type is string
  • There is no default value for this setting.

Command line to execute via subprocess. Use dtach or screen to make it non blocking. This value can include %{name} and other dynamic strings.

enable_metric

edit
  • Value type is boolean
  • Default value is true

Disable or enable metric logging for this specific plugin instance by default we record all the metrics we can, but you can disable metrics collection for a specific plugin.

id

edit
  • Value type is string
  • There is no default value for this setting.

Add a unique ID to the plugin instance, this ID is used for tracking information for a specific configuration of the plugin.

output {
 stdout {
   id => "ABC"
 }
}

If you don’t explicitely set this variable Logstash will generate a unique name.

quiet

edit
  • Value type is boolean
  • Default value is false

display the result of the command to the terminal

workers

edit
  • Value type is string
  • Default value is 1

TODO remove this in Logstash 6.0 when we no longer support the :legacy type This is hacky, but it can only be herne

« email file »