Failed when parsing JSON from VirusTotal

So I have a JSON file retrieved from VirusTotal. It looks like this:


This is my Logstash config:

input {
  file {
    path => "/path/scan.json"
    start_position => beginning
  }
}

filter {
  json {
    source => scans
  }
}

output {
  elasticsearch {
    hosts => ["10.33.109.24:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
  file {
    path => "/home/elk/log/virustotal.json"
    codec => json
  }
  stdout {
    codec => rubydebug
  }
}

At first, I used Filebeat as my input, but there was no incoming data in my Elasticsearch/Kibana. Then I used the file input instead, but still no result. Is something wrong with my JSON filter?

If it's a multiline JSON file (i.e. the file contains a single JSON object spread over multiple lines) you have to use a multiline codec to join all lines of the file into a single event. Examples of this have been posted in the past. People have to do the same thing for XML files.
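
A sketch of the multiline approach described in the reply above, added here as an illustration and not part of the original thread. It assumes the report is pretty-printed with the top-level `{` at the start of a line and every nested line indented; the `max_lines`, `auto_flush_interval` and `sincedb_path` values and the failure tag name are choices made for this example.

```logstash
input {
  file {
    path => "/path/scan.json"
    start_position => "beginning"
    # Assumption: test setup; forget read positions so the file is re-read on restart.
    sincedb_path => "/dev/null"
    codec => multiline {
      # Any line that does NOT start with "{" is appended to the previous line,
      # so the whole pretty-printed object becomes one event.
      pattern => "^\{"
      negate => true
      what => "previous"
      # The default cap is 500 lines; a report listing many engines can exceed it.
      max_lines => 5000
      # Flush the last object even though no following "{" line arrives.
      auto_flush_interval => 2
    }
  }
}

filter {
  json {
    # The file input puts the joined text in "message"; "scans" only exists
    # as a field after this filter has parsed the object.
    source => "message"
    # Hypothetical tag name, used to spot events that still fail to parse.
    tag_on_failure => ["_vt_jsonparsefailure"]
  }
}

output {
  # Check the parsed event on the console before sending it to Elasticsearch.
  stdout {
    codec => rubydebug
  }
}
```

If the rubydebug output shows a `multiline_codec_max_lines_reached` tag, the object was cut before it was complete and the JSON filter will fail on it.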
