Filebeat parsing log containing structured JSON

bkleynbok · October 3, 2019, 8:15pm

Running ELK Stack 7.3.2 on Linux

I am trying to parse JSON via FIilebeat then output to Elasticsearch and show individual objects of the structured JSON in Kibana.

Here is test.json
[
{
"employee": {
"firstName": "Lokesh",
"lastName": "Gupta",
"website": "howtodoinjava.com"
}
},
{
"employee": {
"firstName": "Brian",
"lastName": "Schultz",
"website": "example.com"
}
}
]

Here is my filebeat.yml
filebeat.inputs:

type: log

enabled: true
paths:
- /opt/filebeat-7.3.2-linux-x86_64/logs/test.json
multiline.pattern: '^{'
multiline.negate: true
multiline.match: after

processors:
- decode_json_fields:
  fields: ["employee"]
  max_depth: 3

output.elasticsearch:
hosts: ["http://myhost:9200"]

I am not able to parse structured JSON

Michael_Madden · October 4, 2019, 1:23am

Hello, do you get an errors when you try to decode your test JSON data? I believe you're on the right track. I was going to suggest using decode_json_fields, but I see it's already in your configuration.

bkleynbok · October 4, 2019, 12:49pm

Nothing gets parsed. I tried a one line JSON in the test.json file.

{ "firstName": "Lokesh","lastName": "Gupta" }

No Elastic search index gets created.

system · November 1, 2019, 12:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parse JSON data with filebeat Beats filebeat	8	59760	April 24, 2017
Filebeat shipped json file : how to get needed fields? Logstash	2	835	July 6, 2017
Want to parse a nested json form filebeat to elasticsearch Beats filebeat	1	502	July 25, 2019
Parse json with filebeat Beats filebeat	8	2658	November 24, 2017
Parse json data from log file into Kibana via Filebeat and Logstash Beats filebeat	10	9548	May 19, 2020

Filebeat parsing log containing structured JSON

Related topics