logstash output to file and ignores codec

Question

could please someone explain to me, why logstash keeps ignoring "codec => plain => format" setting, I am trying to set?

Cfg file I am using:

 input {
        gelf {
                host => "[some ip]"
                port => 12201
        }
}

output {
        elasticsearch {
                host => "[some ip]"
                bind_port => "9301"
        }

        file {
                codec => plain {
                        format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
                }
                path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
        }
}

I thought I used the wrong format, tried different combinations like "%{time}" for fields and even tried to use constant text like:

codec => plain {format => "Simple line"}

But nothing seems to work. It outputs to the elasticsearch fine, create folder/files, but outputs it as JSON.

If anyone knows what is going on with it, please help. Thanks.

Answer 1

Parameter message_format is deprecated and will be remove in future relases of Logstash. Instead of using message_format try something like this:

file {
  codec => line {
    format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
  }
  path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
}

PS: your example using codec plain, try my with line.

Answer 2

file has a message_format parameter that is what you'll want to use:

file {
  message_format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
  path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
}