exec

Milestone: 1

This output will run a command for any matching event.

Example:

output {
  exec {
    type => abuse
    command => "iptables -A INPUT -s %{clientip} -j DROP"
  }
}

Run subprocesses via system ruby function

WARNING: if you want it non-blocking you should use & or dtach or other such techniques

Synopsis

This is what it might look like in your config file:

output {
  exec {
    codec => ... # codec (optional), default: "plain"
    command => ... # string (required)
    workers => ... # number (optional), default: 1
  }
}

Details

codec

Value type is codec
Default value is "plain"

The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output, without needing a separate filter in your Logstash pipeline.

command (required setting)

Value type is string
There is no default value for this setting.

Command line to execute via subprocess. Use dtach or screen to make it non blocking

exclude_tags DEPRECATED

DEPRECATED WARNING: This config item is deprecated. It may be removed in a further version.
Value type is array
Default value is []

Only handle events without any of these tags. Note this check is additional to type and tags.

tags DEPRECATED

DEPRECATED WARNING: This config item is deprecated. It may be removed in a further version.
Value type is array
Default value is []

Only handle events with all of these tags. Note that if you specify a type, the event must also match that type. Optional.

type DEPRECATED

DEPRECATED WARNING: This config item is deprecated. It may be removed in a further version.
Value type is string
Default value is ""

The type to act on. If a type is given, then this output will only act on messages with the same type. See any input plugin’s “type” attribute for more. Optional.

workers

Value type is number
Default value is 1

The number of workers to use for this output. Note that this setting may not be useful for all outputs.

This is documentation from lib/logstash/outputs/exec.rb