Converting filebeat message with logstash

fizem · June 26, 2023, 9:29pm

Hi,

I have setup filebeat to parse my API logs and send messages to a centralized logstash cluster.

filebeat will collect all the logs with a minimum CPU consumption.
logstash can transform the data, define multiple pipelines on dedicated servers and send the output to Elasticsearch.

When parsing the log, filebeat

stores each line of my log in key call messages and the value is a complex json object.
example :

  "messages" : "{"key1":"value1","key2":"value2","key3":"value3","key4":"value4","key5":"value5"}"

sends the filebeat event to logstash which sends it elasticsearch

When ELK stores the document, it contains a key :

 "messages" :" {"key1":"value1","key2":"value2","key3":"value3","key4":"value4","key5":"value5"}"

I would like to have each key / value as part of entry in the Elastic document

{
  "@timestamp": "XXXX-XX-XXTHH:MM:SS",
  "key1":"value1",
  "key2":"value2",
  "key3":"value3",
  "key4":"value4",
  "key5":"value5"
}

How can achieved that. I don't want to install logstash on each API server to parse logs (based on logback).

Regards,

Farid

leandrojmp · June 26, 2023, 9:32pm

What does your logstash configuration looks like?

You need to parse the message in logstash using a json filter.

system · July 24, 2023, 9:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need to Parse a nested JSON message in #Logstash Logstash	3	555	October 18, 2022
Filebeat to logstash problem to parse json message Beats filebeat	7	1925	January 10, 2018
Problem with JSON logs Beats filebeat	3	558	March 9, 2019
How to read json data using filebeat and preserve attribute names in Logstash Beats filebeat	4	639	October 10, 2018
How to convert the Logstash message to fileds Logstash	16	430	August 8, 2023

Converting filebeat message with logstash

Related Topics