You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _data-prepper/migrating-from-logstash-data-prepper.md
+113-7Lines changed: 113 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -29,20 +29,126 @@ As of the Data Prepper 1.2 release, the following plugins from the Logstash conf
29
29
30
30
## Running Data Prepper with a Logstash configuration
31
31
32
-
1. To install Data Prepper's Docker image, see Installing Data Prepper in [Getting Started with OpenSearch Data Prepper]({{site.url}}{{site.baseurl}}/data-prepper/getting-started#1-installing-data-prepper).
32
+
If you have OpenSearch running on your host and want to run Data Prepper Docker container with Logstash configuration, follow these steps:
33
33
34
-
2. Run the Docker image installed in Step 1 by supplying your `logstash.conf` configuration.
34
+
1. Update the `elasticsearch` section of `logstash.conf` to point to your OpenSearch instance. The host name has to match the OpenSearch certificate SANs, for example `node-0.example.com` if demo installation is used.
35
35
36
-
```
37
-
docker run --name data-prepper -p 4900:4900 -v ${PWD}/logstash.conf:/usr/share/data-prepper/pipelines.conf opensearchproject/data-prepper:latest pipelines.conf
38
-
```
36
+
```
37
+
input {
38
+
http {
39
+
port => 4910 # Note the port used in this example
40
+
}
41
+
}
42
+
filter {
43
+
grok {
44
+
match => { "message" => "%{COMBINEDAPACHELOG}" }
45
+
tag_on_failure => []
46
+
}
47
+
}
48
+
output {
49
+
# Point this at your OpenSearch/OSD endpoint
50
+
elasticsearch {
51
+
hosts => ["https://node-0.example.com:9200"] # change to your host:port
52
+
index => "logstash-%{+YYYY.MM.dd}"
53
+
user => "admin"
54
+
password => "<admin_pass>"
55
+
ssl => true
56
+
ssl_certificate_verification => true
57
+
}
58
+
}
59
+
```
60
+
{% include copy-curl.html %}
61
+
62
+
1. Supply your `logstash.conf` configuration to Data Prepper Docker container, using the following command:
The `logstash.conf` file is converted to `logstash.yaml` by mapping the plugins and attributes in the Logstash configuration to the corresponding plugins and attributes in Data Prepper.
41
-
You can find the converted `logstash.yaml` file in the same directory where you stored `logstash.conf`.
77
+
You can find the converted `logstash.yaml` file in the same directory where you stored `logstash.conf`. See the converted `logstash.yaml` sample file:
78
+
79
+
```
80
+
logstash-converted-pipeline:
81
+
source:
82
+
http:
83
+
max_connection_count: 500
84
+
request_timeout: 10000
85
+
port: 4910
86
+
processor:
87
+
- grok:
88
+
match:
89
+
message:
90
+
- "%{COMBINEDAPACHELOG}"
91
+
sink:
92
+
- opensearch:
93
+
hosts:
94
+
- "https://node-0.example.com:9200"
95
+
username: "admin"
96
+
password: "<admin_pass>"
97
+
index: "logstash-%{yyyy.MM.dd}"
98
+
```
42
99
43
100
44
101
The following output in your terminal indicates that Data Prepper is running correctly:
45
102
46
103
```
47
-
INFO org.opensearch.dataprepper.pipeline.ProcessWorker - log-pipeline Worker: No records received from buffer
104
+
INFO org.opensearch.dataprepper.plugins.source.loghttp.HTTPSource - Started http source on port 4910...
48
105
```
106
+
107
+
To test this further, run the following command on your host to push sample data to Data Prepper:
108
+
109
+
```bash
110
+
curl -X POST "http://localhost:4910/log/ingest" \
111
+
-H "Content-Type: application/json" \
112
+
-d '[{"message":"hello"}]'
113
+
```
114
+
{% include copy-curl.html %}
115
+
116
+
After a couple of seconds you can query OpenSearch `logstash-*` index for this document:
0 commit comments