I'm having these json parsing errors from time to time:
2022-01-07T12:15:19,872][WARN ][logstash.filters.json ] Error parsing json
{:source=>"message", :raw=>" { the invalid json }", :exception=>#<LogStash::Json::ParserError: Unrecognized character escape 'x' (code 120)
Is there a way to get the :exception field in the logstash config file?
Since what I want is to create a field containing that exception message, though I'm not sure if that's possible.
Yeah, that seems to be case. I wanted to add in Elasticsearch more details regarding as to why and where the json filter fails to parse. I think the only chance I got if I want this behaviour is to implement a raw ruby script in a ruby filter and try to manually parse it.
You can re-purpose the core of the json filter. The following code
ruby {
code => '
@source = "message"
source = event.get(@source)
return unless source
begin
parsed = LogStash::Json.load(source)
rescue => e
event.set("jsonException", e.to_s)
return
end
@target = "jsonData"
if @target
event.set(@target, parsed)
end
'
}
results in
"jsonException" => "Unexpected character (',' (code 44)): was expecting a colon to separate field name and value\n at [Source: (byte[])\"{ \"baz\", \"oh!\" }\r\"; line: 1, column: 9]",
ETA: Come to think of it, I would remove the code that deals with @target, and use a json filter to do the actual parsing so that you have all the other options of it available. Just re-parse in ruby to capture the exception.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.