stackoom
  简体   繁体   中英

Parse JSON message in Logstash

 原文  2015-12-18 12:31:38       json/ jenkins/ logstash

Question

I am sending my jenkins logs to logstash with following config: 

  redis { host => "localhost" key => "logstash" data_type => "list" codec => json }

This works as smooth as expected, now i see follwoing message in KIBANA: 

 { "_index": "logstash-2015.12.18", "_type": "logs", "_id": "AVG1BN5LXZBIbp7HE4xN", "_score": null, "_source": { "data": { "id": "965", "projectName": "NicePJ", "displayName": "#965", "fullDisplayName": "NicePJ", "url": "job/NIcePJ/965/", "buildHost": "Jenkins", "buildLabel": "master", "buildNum": 965, "buildDuration": 1, "rootProjectName": "NicePJ", "rootProjectDisplayName": "#965", "rootBuildNum": 965, "buildVariables": { "target_SUT": "0201", "report_warnings": "false", "product": "Ours", "testsuite": "Exciting_stuff5", "qft_version": "current", "target_task": "t324", "branch": "test", "testcase": "", "revision": "HEAD", "node": "hsqs960", "client": "Desktop", "run_specific_test": "false", "user": "xxxxx" } }, "message": [ "A This is a message XYZ" ], "source": "jenkins", "source_host": "http://serverXL:8080/", "@timestamp": "2015-12-18T12:16:02.000Z", "@version": 1 }, "fields": { "@timestamp": [ 1450440962000 ] }, "sort": [ 1450440962000 ] }

Now i want to filter the message field for certain messages, but i cant get it work. How can i filter the message field and how can i access the buildHost field to use it in an if statement in the pipeline?

Following i tried after many examples: 

  if[data][buildHost]== "jenkins" { grok { match => { "message[0]" => "\\[exec\\]\\s*\\<%{GREEDYDATA:test}\\s*\\[%{GREEDYDATA:result}\\]" } } }

But this is just not working at all, please help me out.

1 answers

solution1
 3  2017-09-03 07:40:56

Conditional

The == compares simple string and case sensitive, so "jenkins" will not match as your data shows ( "buildHost": "Jenkins", ): 

if[data][buildHost]== "jenkins"

But following does: 

if[data][buildHost]== "Jenkins"

If you need match both, you can either use || or regex =~ .

Grok

The grok is a filter to parse message with regex pattern. You can test your regex pattern with

  • online grok debugger
  • Kibana dev tools's grok debugger

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Logstash json parse Parse nested json in logstash Logstash nested JSON Parse Parse multiline JSON with grok in logstash Logstash - won't parse JSON Parse multiline json log with logstash Parse/split nested single JSON array in Logstash Can't parse .log to .json with logstash How to use JSON filter plugin to seperate message in JSON in logstash? logstash parse dynamically json to add new fields in the output
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM