Exec output plugin
- Plugin version: v3.1.1
- Released on: 2017-06-23
- Changelog
Getting Help
For questions about the plugin, open a topic in the Discuss forums. For bugs or feature requests, open an issue in GitHub. For the list of Elastic supported plugins, please consult the Elastic Support Matrix.
Description
The exec output will run a command for each event received. Ruby’s system() function will be used, i.e. the command string will be passed to a shell. You can use %{name} and other dynamic strings in the command to pass select fields from the event to the child process. Example:
    output {
      if [type] == "abuse" {
        exec {
          command => "iptables -A INPUT -s %{clientip} -j DROP"
        }
      }
    }
If you want it non-blocking you should use & or dtach or other such techniques. There is no timeout for the commands being run so misbehaving commands could otherwise stall the Logstash pipeline indefinitely.
Exercise great caution with %{name} field placeholders. The contents of the field will be included verbatim without any sanitization, i.e. any shell metacharacters from the field values will be passed straight to the shell.
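The warning above, worked through as an added Ruby example (not the plugin's own code): the same field value run as one shell-parsed command string and as an argv list, plus an allow-list check for an IP field. The helper names (render, ip_literal?, run_via_shell, run_as_argv), the simplified %{name} substitution, the use of echo in place of iptables, and the sample events are assumptions made for illustration.

```ruby
require "ipaddr"
require "open3"

# Simplified stand-in for Logstash's %{field} substitution (assumption:
# flat string fields only; the real implementation supports more syntax).
def render(template, event)
  template.gsub(/%\{([^}]+)\}/) { event.fetch(Regexp.last_match(1), "").to_s }
end

# Allow-list check to apply before a field is used in a command.
# \A and \z anchor the whole string; ^ and $ match per line in Ruby and
# would accept a valid first line followed by a newline and more text.
def ip_literal?(value)
  return false unless value.is_a?(String) && value.match?(/\A[0-9A-Fa-f:.]{2,45}\z/)
  IPAddr.new(value) # raises on out-of-range octets, malformed IPv6, etc.
  true
rescue ArgumentError # IPAddr::InvalidAddressError is a subclass
  false
end

# Single command string, as with system(string): a shell parses it when it
# contains metacharacters. echo stands in for iptables so nothing changes.
def run_via_shell(template, event)
  out, _status = Open3.capture2(render(template, event))
  out.lines.map(&:chomp)
end

# Contrast: argv form bypasses the shell; the value stays one argument.
def run_as_argv(event)
  out, _status = Open3.capture2("echo", "block", event["clientip"].to_s)
  out.lines.map(&:chomp)
end

TEMPLATE = "echo block %{clientip}"
CLEAN    = { "clientip" => "203.0.113.7" }                     # constructed
HOSTILE  = { "clientip" => "203.0.113.7; echo SECOND-COMMAND" } # constructed

if __FILE__ == $PROGRAM_NAME
  [CLEAN, HOSTILE].each do |event|
    puts "field=#{event['clientip'].inspect} valid=#{ip_literal?(event['clientip'])}"
    puts "  shell: #{run_via_shell(TEMPLATE, event).inspect}"
    puts "  argv:  #{run_as_argv(event).inspect}"
  end
end
```

Because this plugin always hands a single string to the shell, the validation has to happen on the field before the event reaches the exec output.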
Exec Output Configuration Options
This plugin supports the following configuration options plus the Common Options described later.
Also see Common Options for a list of options supported by all output plugins.
Common Options
The following configuration options are supported by all output plugins:
codec
- Value type is codec
- Default value is "plain"
The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output, without needing a separate filter in your Logstash pipeline.
enable_metric
- Value type is boolean
- Default value is true
Disable or enable metric logging for this specific plugin instance. By default we record all the metrics we can, but you can disable metrics collection for a specific plugin.
id
- Value type is string
- There is no default value for this setting.
Add a unique ID to the plugin configuration. If no ID is specified, Logstash will generate one. It is strongly recommended to set this ID in your configuration. This is particularly useful when you have two or more plugins of the same type, for example, if you have 2 grok filters. Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.
    output {
      stdout {
        id => "my_plugin_id"
      }
    }