堆栈内存溢出
  简体   繁体   English

JSON数组解析问题与logstash

[英]json array parsing issue with logstash

 原文  2017-02-06 07:46:16       json/ logstash/ graylog

问题描述

We want to implement service request trace using http plugin of logstash in JSON Array format. 我们想使用logstash的http插件以JSON Array格式实现服务请求跟踪。

We are getting the following error when trying to parse the JSON array: 尝试解析JSON数组时出现以下错误:

error: 错误: 

:message=>"gsub mutation is only applicable for Strings, skipping", :field=>"message", :value=>nil, :level=>:debug, :file=>"logstash/filters/mutate.rb", :line=>"322", :method=>"gsub"}
:message=>"Exception in filterworker", "exception"=>#<LogStash::ConfigurationError: Only String and Array types are splittable. field:message is of type = NilClass>

My json array is : 我的json数组是: 

{
    "data": [
        {
            "appName": "DemoApp",
            "appVersion": "1.1",
            "deviceId": "1234567",
            "deviceName": "moto e",
            "deviceOSVersion": "5.1",
            "packageName": "com.DemoApp",
            "message": "testing null pointer exception",
            "errorLog": "null pointer exception"
        },
        {
            "appName": "DemoApp",
            "appVersion": "1.1",
            "deviceId": "1234567",
            "deviceName": "moto e",
            "deviceOSVersion": "5.1",
            "packageName": "com.DemoApp",
            "message": "testing illegal state exception",
            "errorLog": "illegal state exception"
        }
    ]
}

my logstash config is : 我的logstash配置是: 

    input {
            http {
            codec => "plain"
            }
    }
    filter{
            json {
                  source => "message"
                 }
            mutate { gsub => [ "message", "},", "shr" ] }
            split {
                  terminator => "shr"
                  field => "data"
           }
    }
    }


output {
 stdout { codec => "json" }
    gelf{
        host => localhost
        facility => "%{type}"
        level =>["%{SeverityLevel}", "INFO"]
        codec => "json"
    }
       file{
        path => "/chroot/result.log"
}
}

Any help would be appreciated. 任何帮助,将不胜感激。

1 个解决方案

解决方案1
 0 已采纳  2017-02-06 12:41:08

Logstash has a default metadata field named message . Logstash有一个名为message的默认元数据字段。 So your json message field is overlapping that. 因此,您的json message字段与之重叠。 Consider changing json field name message to another. 考虑将json字段名称message更改为另一个。

The other option maybe using target setting and referencing the target field like: 另一个选项可能使用target设置并引用目标字段,例如: 

json { source => "message" target => "data"}
mutate { gsub => [ "[data][message]", "\}\,\r\n\r\n\{", "\}shr\{" ] }

I hope this helps. 我希望这有帮助。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从 Logstash 中的日志文件解析一组 JSON 对象 - Parsing an array of JSON objects from logfile in Logstash Json数组解析问题 - Json Array Parsing issue JSOn解析问题 - 在Array中 - Issue with JSOn parsing - in Array 解析Json阵列的问题 - Issue with Parsing a Json Array 在Logstash中解析JSON事件 - Parsing JSON event in Logstash Logstash麻烦解析Json - Logstash Trouble parsing Json 将JSON文件解析为logstash - Parsing JSON file into logstash Logstash不解析JSON - Logstash not parsing JSON iOS中的JSON数组解析问题 - JSON array Parsing issue in iOS GSON解析JSON数组时出现问题 - GSON issue parsing a JSON array
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM