Hi Team, Does Anyone know how to decode base64 in logstash?
Logfile :
{"ID":"11166946081959","Type":"LOG","pID":"rajesh.r@gmail.com","Interface":"Offboarding","payload": "PD94bWzCoHZlcnNpb249IjEuMCLCoGVuY29kaW5nPSJJU08tODg1OS0xIj8+wqDCoDxub3RlPsKgwqDCoDx0bz5Ub3ZlPC90bz7CoMKgwqDCoDxmcm9tPkphbmk8L2Zyb20+wqDCoMKgwqA8aGVhZGluZz5SZW1pbmRlcjwvaGVhZGluZz7CoMKgwqDCoDxib2R5PkRvbid0wqBmb3JnZXTCoG1lwqB0aGlzwqB3ZWVrZW5kITwvYm9keT7CoMKgPC9ub3RlPsKg"}
Config file:
input {
file{
path => "/home/rajesh/ELK/json.log"
start_position => beginning
tags => [ "time" ]
sincedb_path => "/dev/null"
codec => json {
target => "[document]"
}
}
}
filter {
ruby { code => 'event.set("decoded", Base64.decode64(event.get("payload")))' }
}
output {
if "time" in [tags] {
elasticsearch {
hosts => ["https://localhost:9200"]
cacert => '/home/rajesh/ELK/logstash-8.4.3/config/certs/http_ca.crt'
index => "time-%{+YYYY.MM.dd}"
user => "rajesh"
password => "rajesh"
}
}
}