Filebeat, raw logs to JSON format to send to elasticsearch directly

ali_khalil · December 1, 2019, 10:58pm

Hi,

I had googled a lot and spent many hours but I am not able to find a satisfying answer. How can I parse the raw log strings to JSON.

Here is sample logs:
[11/Nov/2019 18:39:15] INFO [services2.abc:123] Company name: Facebook, Inc.
[11/Nov/2019 18:39:15] INFO [services2.abc:121] Company id: fsdfsfs3213
[11/Nov/2019 18:39:15] ERROR [services2.abc:121] Company not found etc.

I want to send as { 'timestamp' : '[11/Nov/2019 18:39:15]', 'message': 'Company name: Facebook, Inc.' },

How can I do that? I want filebeat oriented solution. Hoping for a quick solution.

faec · December 6, 2019, 5:43pm

Welcome! If your logs are in format with module support you can use the appropriate module to parse them. If it's a custom format, you can generate fields by setting up processors -- the dissect processor is good for simple transformations, and for more general behavior you can try the script processor.

system · January 3, 2020, 5:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat send a json log but is stored as a string Beats filebeat	17	12716	July 5, 2017
Parse log data in filebeat/elasticsearch Beats filebeat	1	297	February 21, 2019
Problem with JSON logs Beats filebeat	3	558	March 9, 2019
In filebeat processing json log files that does not need processing Elasticsearch	11	532	October 28, 2023
Parsing logs filebeat Beats filebeat	4	762	June 2, 2021

Filebeat, raw logs to JSON format to send to elasticsearch directly

Related Topics