I'm trying a "simple" logstash configuration and want to ouput on a file to check. So I took the conf from https://www.elastic.co/guide/en/logstash/current/plugins-outputs-file.html and put it in my conf:

input {                                                                                                                                                                                                                                   
  file {
    exclude => ['*.gz']
    path => ['/var/log/*.log']
    type => 'system logs'
  }
  syslog {
    port => 5000
  }
}

output {
  elasticsearch {
    hosts => ['elasticsearch']
  }

  file {
    path => "/config/logstash_out.log"
    codec => {
      line  {
        format => "message: %{message}"
      }
    }
  }

  stdout {}
}

but when I launch it (sudo docker run -it --rm --name logstash -p 514:5000 --link elasticsearch:elasticsearch -v "$PWD":/config logstash logstash -f /config/logstash.conf), I've got a complaint from logstash:

fetched an invalid config 
{:config=>"input {
  file {
    exclude => ['*.gz']
    path => ['/var/log/*.log']
    type => 'system logs'
  }
  syslog {
    port => 5000
  }
}
output {
  elasticsearch {
    hosts => ['elasticsearch']
  }

  file {
    path => \"/config/logstash_out.log\"
    codec => { 
      line  { 
        format => \"message: %{message}\"
      }
    }
  }

  stdout {}
}"
, :reason=>"Expected one of #, => at line 20, column 13 (byte 507) 
after output {  elasticsearch {\n    hosts => ['elasticsearch']\n  }
\n\n  file {\n    path => \"/config/logstash_out.log\"\n    
codec => { \n      line  ", :level=>:error}

(I've reformatted a bit so it's more readable)

Any ideas why? I'seen logstash output to file and ignores codec but the proposed solution is marked as DEPRECATED so I would like to avoid

Thanks!