堆栈内存溢出
  简体   繁体   English

Logstash无法在JSON中正确转换

[英]Logstash is not converting correctly in JSON

 原文  2016-07-11 13:56:27       json/ elasticsearch/ logstash

问题描述

Following is my json log file 以下是我的json日志文件 

[
    {
        "error_message": " Failed to get line from input file (end of file?).", 
        "type": "ERROR", 
        "line_no": "2625", 
        "file": "GTFplainText.c", 
        "time": "17:40:02", 
        "date": "01/07/16", 
        "error_code": "GTF-00014"
    }, 
    {
        "error_message": " Bad GTF plain text file header or footer line. ", 
        "type": "ERROR", 
        "line_no": "2669", 
        "file": "GTFplainText.c", 
        "time": "17:40:02", 
        "date": "01/07/16", 
        "error_code": "GTF-00004"
    }, 
    {
        "error_message": " '???' ", 
        "type": "ERROR", 
        "line_no": "2670", 
        "file": "GTFplainText.c", 
        "time": "17:40:02", 
        "date": "01/07/16", 
        "error_code": "GTF-00005"
    }, 
    {
        "error_message": " Failed to find 'event source'/'product detail' records for event source '3025188506' host event type 1 valid", 
        "type": "ERROR", 
        "line_no": "0671", 
        "file": "RGUIDE.cc", 
        "time": "15:43:48", 
        "date": "06/07/16", 
        "error_code": "RGUIDE-00033"
    }
]

According to my understanding As the log is already in json, We do not need filter section in logstash configuration. 根据我的理解,由于日志已经在json中,因此我们在logstash配置中不需要filter部分。 Following is my logstash config 以下是我的logstash配置 

input {
  file{
    path => "/home/ishan/sf_shared/log_json.json"
    start_position => "beginning"
    codec => "json"
  }
}

and the output configuration is 并且输出配置是 

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
  stdout { codec => rubydebug }
}

But it seems like the data is not going into ES, as I am not able to see the data when I query the index. 但是似乎数据没有进入ES,因为查询索引时我看不到数据。 What am I missing? 我想念什么?

1 个解决方案

解决方案1
 0  2016-07-12 11:48:13

I think the problem is that the json codec expects a full json message on one line and won't work with a message on multiple lines. 我认为问题是json编解码器期望一行上有完整的json消息,而不能在多行上使用一条消息。

A possible work around would be to use the multiline codex and use the json filter . 可能的解决方法是使用多行编码并使用json过滤器
The configuration for the multiline codec would be: 多行编解码器的配置为: 

multiline {
  pattern => "]"
  negate => "true"
  what => "next"
}

All the lines that do not begin with ] will be regrouped with the next line, so you'll have one full json document to give to the json filter. 所有不以]开头的行将与下一行重新组合,因此您将拥有一个完整的json文档以提供给json过滤器。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将 JSON 正确转换和格式化为 CSV? - Converting & Formating JSON to CSV Correctly? PowerShell JSON 标头未正确转换 - PowerShell JSON Headers not Converting correctly 嵌套的 JSON 消息未通过 logstash 正确解析 - Nested JSON messages are not getting parsed correctly through logstash jQuery插件无法正确转换JSON字符串 - jquery plugin not converting JSON string correctly 文件未正确从 json 转换为 jsonl - File is not converting from json to jsonl correctly 将Map转换为JSON无法正确解析列表 - Converting Map to JSON is not resolving lists correctly JSON.stringify无法正确转换array.object - JSON.stringify not converting array.object correctly Camel交换头中的Json对象未正确转换为字符串 - Json object in Camel exchange header not correctly converting to string 在快速将 JSON 数据转换为字符串时无法正确打印 - in swift converting JSON data to string doesn't print correctly 在Logstash中解析JSON事件 - Parsing JSON event in Logstash
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM