Hello there, I want to extract "applicationOwner" and "proxyResponseCode" JSON fields from my message My message filed look like this: message": "TID: [-1234] [2022-02-07 18:59:15,667] INFO {org.wso2.am.analytics.publisher.sample.reporter.LogCounterMetric} - Metric Name: apim:response Metric Val…

Extracting some JSON fields from the message

Badger February 8, 2022, 5:37pm 7

You could try

    grok { match => { "message" => "{(?<[@metadata][kvData]>[^}]+)}$" } }
    kv { source => "[@metadata][kvData]" field_split => "," trim_key => " " }

which will produce

          "apiType" => "HTTP",
"proxyResponseCode" => "500",
        "errorType" => "null",
 "applicationOwner" => "admin"

1 Like

How to parse json from message field

Topic		Replies	Views
Extract json fields from message Logstash	6	803	May 7, 2021
Create temp metadata field using regex in message field and parse json Logstash	7	688	September 8, 2020
Parsing data from the message field of incoming json Logstash	2	626	September 14, 2017
Extracting the JSON fields from the message Logstash	10	28181	May 5, 2020
Extract subfields in JSON Field Logstash	8	7344	June 22, 2018

Extracting some JSON fields from the message

Related topics