Failed when parsing JSON from VirusTotal

(Rahmat Agung W) #1

So I have a JSON file retrieved from VirusTotal. It looks like this:

This is my Logstash config:

input {
  file {
    path => "/path/scan.json"
    start_position => beginning
  }
}

filter {
  json {
    source => scans
  }
}

output {
  elasticsearch {
    hosts => [""]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
  file {
    path => "/home/elk/log/virustotal.json"
    codec => json
  }
  stdout {
    codec => rubydebug
  }
}

At first, I used Filebeat as my input, but there is no incoming data to my Elasticsearch/Kibana. Then I used the file input instead, but still no result. Is something wrong with my JSON filter?

(Magnus Bäck) #2

If it's a multiline JSON file (i.e. the file contains a single JSON object spread over multiple lines) you have to use a multiline codec to join all lines of the file into a single event. Examples of this have been posted in the past. People have to do the same thing for XML files.
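
The multiline approach described in the reply above, as an added example that is not part of the original thread. It assumes the VirusTotal report is one pretty-printed JSON object whose opening brace is the only `{` in column 0, reuses the path from the question, and has the json filter read the `message` field, which is where the file input puts the joined text.

```logstash
input {
  file {
    path => "/path/scan.json"
    start_position => "beginning"
    # Assumption for repeatable testing: do not remember the read position,
    # so the file is read again on every Logstash start.
    sincedb_path => "/dev/null"
    codec => multiline {
      # Any line that does NOT start with "{" in column 0 is appended to
      # the previous line, so the whole object becomes one event.
      pattern => "^\{"
      negate => true
      what => "previous"
      # Emit the buffered event after 2 seconds without new lines. Without
      # this, the only object in the file waits for a next "{" line that
      # never arrives and nothing is output.
      auto_flush_interval => 2
      # The codec stops joining at 500 lines by default; a report listing
      # many scan engines can be longer than that when pretty-printed.
      max_lines => 20000
    }
  }
}

filter {
  json {
    # The joined text of the event is in "message".
    source => "message"
  }
}

output {
  # Inspect the parsed event before sending it to Elasticsearch.
  stdout { codec => rubydebug }
}
```

If the joined text is still not valid JSON, the json filter tags the event with `_jsonparsefailure`, which is visible in the rubydebug output.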
