Here is the start of my filter:

    filter {
        if "paloalto" in [tags] {
            metrics {
                meter => "events_paloalto"
                flush_interval => 60
                add_tag => "metric_paloalto"
            }
            ...
And here is a section of my output:

    if "metric_paloalto" in [tags] and "_grokparsefailure" not in [tags] {
        elasticsearch {
            hosts => ["localhost:9200"]
            index => "raw_metrics-%{+YYYY.MM.dd.HH.mm}"
        }
        stdout { codec => rubydebug }
    }

I am not getting anything on my stdout nor on my elasticsearch instance.

Any ideas?

The problem was the following: metrics actually creates a new event. My metrics declaration was within an if {} else drop {} statement, and the new (metric) event was dropped since it did not comply with the if check. I moved it outside the if scope.
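
The layout described in the answer, as an added example that is not part of the original post: the commented block reconstructs the failing shape from the answer's description, and the active config keeps the meter scoped to Palo Alto events without an else branch that drops. The separate drop condition with its explicit exemption for "metric_paloalto" is an assumption about how the rest of the pipeline discards unrelated events.

```logstash
# Failing shape (reconstructed from the description, kept as comments):
# the event generated by metrics carries only "metric_paloalto", so it
# fails the "paloalto" check and ends up in the else branch.
#
# filter {
#     if "paloalto" in [tags] {
#         metrics { ... }
#     } else {
#         drop {}
#     }
# }

filter {
    # Meter only the Palo Alto events. No else branch here, so this
    # conditional never discards anything.
    if "paloalto" in [tags] {
        metrics {
            meter => "events_paloalto"
            flush_interval => 60
            add_tag => "metric_paloalto"
        }
    }

    # Assumed replacement for the old else branch: drop unrelated events,
    # but exempt the generated metric event by its own tag.
    if "paloalto" not in [tags] and "metric_paloalto" not in [tags] {
        drop {}
    }
}

output {
    # Only the metric events go to the metrics index.
    if "metric_paloalto" in [tags] and "_grokparsefailure" not in [tags] {
        elasticsearch {
            hosts => ["localhost:9200"]
            index => "raw_metrics-%{+YYYY.MM.dd.HH.mm}"
        }
        stdout { codec => rubydebug }
    }
}
```

With flush_interval => 60, the first metric event appears on stdout only after about a minute of runtime, so an empty console right after startup is expected.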