14 February 2018

Logstash Lines for 2018-02-14

By Andrew Cholakian

Hello Logstashers! Here's what's new in the land of Logstash this past week :)

Improved KV Filter Delimiter / Value Matching

The KV Filter now can use regexps to define values and field delimiters. This is especially useful where you might have one or more values separating data, like 'k=v:k=v:::k=v' etc. There's some very impressive regexp-fu to refactor this plugin to support this ability. The two PRs (#55,#54) that implement this make for some very interesting reading!

Java API Proposal Discussion

We're finally making some serious headway on a Java API. We have a proposal (#9137) you can read if you're interested! This is somewhat early stage, we're just discussing, but our goal is to define a minimal portion of the LS API, enough to convert some plugins to Java.

The Elasticsearch Output will now Only Sniff Non-Master Nodes

We just merged a patch that will prevent master nodes from being sniffed by the Elasticsearch output. This patch brings this output inline with our best practice of not sending data to master nodes. (#694) You can try this out by upgrading your Elasticsearch output plugin today to version 9.0.3.

Other Fixes

  • Fix broken queue stats with PQ: #9116
  • Meetup Input: Search by group name instead of id: #13
  • Fix issue where `sql_last_value` could lose precision: #257
  • Input SQS: Fix sample IAM Policy: #44