[filebeat] - Json processor

JH82 · May 2, 2022, 11:34pm

Hello, I try to make a JSON transform with processor in filebeat (with http_endpoint as input).
2 questions :

when I send a simple json message like
{"message":"OK"}
I receive :
{"message": "success"} but I get many extra unwanted data in addition of my Original JSON.
why not have just "{"document":{"message":"OK"}}" into _source ?

but in elastic db i've

{
  "_index": "cri-2022",
  "_type": "_doc",
  "_id": "aWcWh4ABcwp0swy5bbh_",
  "_version": 1,
  "_score": 1,
  "_source": {
    "@timestamp": "2022-05-02T23:23:54.543Z",
    "host": {
      "name": "lenovox1g2"
    },
    "agent": {
      "name": "lenovox1g2"
    },
    "ecs": {},
    "json": {
      "message": "OK"
    },
    "input": {}
  },
  "fields": {
    "json.message": [
      "OK"
    ],
    "agent.name": [
      "lenovox1g2"
    ],
    "@timestamp": [
      "2022-05-02T23:23:54.543Z"
    ],
    "host.name": [
      "lenovox1g2"
    ]
  }
}

Question 2 :

if I have a message like this
{"content":["1"],"default_value":"\"Module 1\"","field":2} and I want to transforme into
{"Module 1":{"content":["1"],"field":2}

is it possible to do this with processor or other anyway with filebeat ?

Thank you !

Regards.

Tetiana_Kravchenko · May 5, 2022, 1:20pm

Hi @JH82

regarding question 2 - it should be possible to achieve with script processor.

system · June 2, 2022, 3:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat to logstash problem to parse json message Beats filebeat	7	1925	January 10, 2018
Not able to convert json string to json object with filebeat TCP input Beats filebeat	4	1730	December 24, 2019
Processing a json file in filebeat Logstash	3	1428	November 9, 2020
Nested JSON parsing issues Beats filebeat	9	1603	February 28, 2020
Filebeat: Bug: Processor "decode_json_fields" with usage of "target" Beats filebeat	14	1927	March 16, 2022

[filebeat] - Json processor

Related topics