BobCoder BobCoder - 4 years ago 305
JSON Question

Grep Json String for logstash filter

I am new to logstash and trying to go through different blogs / links to understand it in detail. I am stuck with a issue where I want to parse Json string which is embedded in a normal string line .

Input String

2017-01-27 11:54:48 INFO PropertiesReader:33 -
{"timestamp":1485518878968,"h":"297268184dde", "l":"INFO", "cN":"", "mN":"loadProperties", "m":"load
property file from /var/tmp/conf"}

I want to extract highlighted Json string and apply Json plug-in on the Json . How can I achieve this ?

Val Val
Answer Source

You simply need to use the json filter after your grok filter:

filter {
    grok { 
         match => [ "message", "%{TIMESTAMP_ISO8601:LogDate} %{LOGLEVEL:loglevel} %{WORD:threadName}:%{NUMBER:ThreadID} - %{GREEDYDATA:Line}" ] 
    json {
        source => "Line"

Also note that I've modified your grok pattern a little bit to exclude the - before the JSON data.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download