Cynede · June 22, 2018 07:55
diff --git a/gistfile1.txt b/gistfile1.txt
 input {
    tcp {
    mode => "server"
    port => 678
        # Not using "codec => multiline" here because it adds random line breaks to input. See the following links for more details:
        # https://github.com/elastic/logstash/issues/2925
        # https://github.com/logstash-plugins/logstash-codec-multiline/issues/14
        # https://github.com/logstash-plugins/logstash-codec-multiline/issues/37
        # According to Elastic docs (https://www.elastic.co/guide/en/logstash/current/multiline.html), multiline codec
        # should not be used with input plugins that support multiple hosts (tcp input plugin is obviously one of them).
    }
 }
 filter
 {
    mutate
    {
     	gsub => [ 'message','&quot;','"' ]
    }
    mutate
    {
     	gsub => [ 'message','\n','\\n' ]
    }
    if [message] =~ /^{.*}/
    {
     	json { source => message }
    }
    else
    {
     	drop {}
    }
 }
 output {
    elasticsearch {
        hosts => ["127.0.0.1:9200"]
        sniffing => false
    }
 }
	input {
	tcp {
	mode => "server"
	port => 678
	# Not using "codec => multiline" here because it adds random line breaks to input. See the following links for more details:
	# https://github.com/elastic/logstash/issues/2925
	# https://github.com/logstash-plugins/logstash-codec-multiline/issues/14
	# https://github.com/logstash-plugins/logstash-codec-multiline/issues/37
	# According to Elastic docs (https://www.elastic.co/guide/en/logstash/current/multiline.html), multiline codec
	# should not be used with input plugins that support multiple hosts (tcp input plugin is obviously one of them).
	}
	}
	filter
	{
	mutate
	{
	gsub => [ 'message','"','"' ]
	}
	mutate
	{
	gsub => [ 'message','\n','\\n' ]
	}
	if [message] =~ /^{.*}/
	{
	json { source => message }
	}
	else
	{
	drop {}
	}
	}
	output {
	elasticsearch {
	hosts => ["127.0.0.1:9200"]
	sniffing => false
	}
	}