How to parse json in logstash /grok from a text file line? How to parse json in logstash /grok from a text file line? elasticsearch elasticsearch

How to parse json in logstash /grok from a text file line?


elasticsearch logstash logstash-grok

After your json filter add another one called mutate in order to add the two fields that you would take from the parsedJson field.

filter {  ...  json {     ...  }  mutate {    add_field => {      "firstname" => "%{[parsedJson][firstname]}"      "lastname" => "%{[parsedJson][lastname]}"    }  }}

For your sample log line above that would give:

{       "message" => "MyLine data={\"firstname\":\"bob\",\"lastname\":\"the builder\"}",      "@version" => "1",    "@timestamp" => "2015-11-26T11:54:52.556Z",          "host" => "iMac.local",        "MyWord" => "MyLine",    "parsedJson" => {        "firstname" => "bob",         "lastname" => "the builder"    },     "firstname" => "bob",      "lastname" => "the builder"}

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last