stackoom
  简体   繁体   中英

Grep Json String for logstash filter

 原文  2017-02-06 17:01:57       json/ elasticsearch/ logstash/ logstash-grok

Question

I am new to logstash and trying to go through different blogs / links to understand it in detail. I am stuck with a issue where I want to parse Json string which is embedded in a normal string line .

Input String

2017-01-27 11:54:48 INFO PropertiesReader:33 - {"timestamp":1485518878968,"h":"297268184dde", "l":"INFO", "cN":"org.com.logstash.demo", "mN":"loadProperties", "m":"load property file from /var/tmp/conf"}

I want to extract highlighted Json string and apply Json plug-in on the Json . How can I achieve this ?

1 answers

solution1
 0 ACCPTED  2017-02-06 17:09:45

You simply need to use the json filter after your grok filter: 

filter {
    grok { 
         match => [ "message", "%{TIMESTAMP_ISO8601:LogDate} %{LOGLEVEL:loglevel} %{WORD:threadName}:%{NUMBER:ThreadID} - %{GREEDYDATA:Line}" ] 
    }
    json {
        source => "Line"
    }
}

Also note that I've modified your grok pattern a little bit to exclude the - before the JSON data.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question filter json in logstash Need to convert string to JSON in LogStash Decompose json array string in Logstash Logstash json filter parsed fields cannot be read within logstash Logstash JSON filter with mutate to add new fields Filter Kafka JSON messages with Logstash grok logstash json filter not parsing fields getting _jsonparsefailure Nested json objects in logstash aggregate filter plugin In logstash, How to filter logs by json key and value? jQuery GREP + JSON empty data filter
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM