Filebeat, raw logs to JSON format to send to elasticsearch directly

ali_khalil · December 1, 2019, 10:58pm

Hi,

I had googled a lot and spent many hours but I am not able to find a satisfying answer. How can I parse the raw log strings to JSON.

Here is sample logs:
[11/Nov/2019 18:39:15] INFO [services2.abc:123] Company name: Facebook, Inc.
[11/Nov/2019 18:39:15] INFO [services2.abc:121] Company id: fsdfsfs3213
[11/Nov/2019 18:39:15] ERROR [services2.abc:121] Company not found etc.

I want to send as { 'timestamp' : '[11/Nov/2019 18:39:15]', 'message': 'Company name: Facebook, Inc.' },

How can I do that? I want filebeat oriented solution. Hoping for a quick solution.

faec · December 6, 2019, 5:43pm

Welcome! If your logs are in format with module support you can use the appropriate module to parse them. If it's a custom format, you can generate fields by setting up processors -- the dissect processor is good for simple transformations, and for more general behavior you can try the script processor.

system · January 3, 2020, 5:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat send a json log but is stored as a string Beats filebeat	17	12732	July 5, 2017
Parse log data in filebeat/elasticsearch Beats filebeat	1	297	February 21, 2019
Problem with JSON logs Beats filebeat	3	561	March 9, 2019
Parsing stringified JSON from filebeat input Logstash	7	1011	May 14, 2019
In filebeat processing json log files that does not need processing Elasticsearch	11	572	October 28, 2023

Filebeat, raw logs to JSON format to send to elasticsearch directly

Related topics