My log file has entries line below.
{"name":"foo","hostname":"local","pid":21894,"level":30,"msg":"shail","time":"2017-11-03T17:02:28.001Z","v":0}
{"name":"foo","hostname":"local","pid":21894,"level":30,"msg":"jitu","time":"2017-11-03T17:02:28.001Z","v":0}
2020-01-15 07:01:01.634 INFO 13 :{"name":"foo","hostname":"local","pid":21894,"level":30,"msg":"hello","time":"2017-11-03T17:02:25.994Z","v":0}
2020-01-15 07:01:01.634 INFO 13 :{"name":"foo","hostname":"local","pid":21894,"level":30,"msg":"world","time":"2017-11-03T17:02:26.997Z","v":0}
2020-01-15 07:01:01.634 INFO 13 :{"name":"foo","hostname":"local","pid":21894,"level":30,"msg":"jitu","time":"2017-11-03T17:02:28.001Z","v":0}
I want to parse all json data as fields.
The log line which contain complete json data, has no issue, i passes every json keys as fields within kibana.
{"name":"foo","hostname":"local","pid":21894,"level":30,"msg":"shail","time":"2017-11-03T17:02:28.001Z","v":0}
But it's not working for the one that contains some other data pre aligned with json data.
2020-01-15 07:01:01.634 INFO 13 :{"name":"foo","hostname":"local","pid":21894,"level":30,"msg":"hello","time":"2017-11-03T17:02:25.994Z","v":0}
I'm trying to processors with decode_json_fields and aligned with regex condition.
here is my config.
processors:
decode_json_fields:
when:
regexp:
message: "^.*{"fields: ["message"]
process_array: true
max_depth: 8
target: ""
overwrite_keys: true
add_error_key: true
What I'm doing wrong here ?