Failed when parsing JSON from VirusTotal


(Rahmat Agung W) #1

So I have a JSON file retrieved from VirusTotal. It looks like:


This is my logstash config :

input {
  file {
    path => "/path/scan.json"
    start_position => beginning
  }
}

filter {
  json {
    source => scans
  }
}

output {
  elasticsearch {
    hosts => ["10.33.109.24:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
  file {
    path => "/home/elk/log/virustotal.json"
    codec => json
  }
  stdout {
    codec => rubydebug
  }
}

At first, I used Filebeat as my input, but there was no incoming data in my Elasticsearch/Kibana. Then I used the file input instead, but still no result. Is something wrong with my JSON filter?


(Magnus Bäck) #2

If it's a multiline JSON file (i.e. the file contains a single JSON object spread over multiple lines) you have to use a multiline codec to join all lines of the file into a single event. Examples of this have been posted in the past. People have to do the same thing for XML files.
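
One way to apply the multiline approach described in the reply above, shown as an added example that is not part of the original thread. It assumes the file holds a single pretty-printed JSON object whose first line begins with `{`; the `max_lines` value, the `sincedb_path` setting and the index name are constructed for illustration.

```logstash
input {
  file {
    path => "/path/scan.json"
    start_position => "beginning"
    # Assumption for repeated testing: forget the read position so the file
    # is re-read on every run. Remove this for a long-running pipeline.
    sincedb_path => "/dev/null"
    codec => multiline {
      # Every line that does NOT start with "{" is appended to the previous
      # line, so the whole object becomes one event.
      pattern => "^\{"
      negate => true
      what => "previous"
      # The last event has no following "{" line to close it; flush it
      # after 2 seconds of inactivity instead of waiting forever.
      auto_flush_interval => 2
      # Constructed value: the default cap is 500 lines, which a long scan
      # report can exceed and which would split the object.
      max_lines => 20000
    }
  }
}

filter {
  json {
    # The joined text is in the "message" field. A field such as "scans"
    # only exists after parsing, so it cannot be the source of the filter.
    source => "message"
    # Events that fail to parse are tagged "_jsonparsefailure" by default;
    # look for that tag in the stdout output when debugging.
    remove_field => ["message"]
  }
}

output {
  elasticsearch {
    hosts => ["10.33.109.24:9200"]
    # Hypothetical index name: [@metadata][beat] and [@metadata][version]
    # are set by Beats and are empty when reading with the file input.
    index => "virustotal-%{+YYYY.MM.dd}"
  }
  stdout {
    codec => rubydebug
  }
}
```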

