Filebeat send json format log, kibana can't recognize filed

lijin_liu · March 11, 2019, 3:23am

Hello,

I'm new to filebeat/elk. My problem is the Kibana can't recognize the field in my log.

The log content looks(via less log.log):

...
{"@timestamp":"2019-03-11T03:01:53.205+00:00","@version":"1","message":"spread not regression","logger_name":"com.arbitrage.tactics.hedge.FSHedgeTactics","thread_name":"Tactics-Worker","level":"INFO","level_value":20000}
...

the filebeat config:

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /svc/arbitrage/log-logstash/arbitrage.log

output.elasticsearch:
  hosts: ["xxx"]

filebeat.config:
  modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

filebeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true
~

After I run filbert/ELK, the logs appeared, as:

it can't recognize the logger_name, thread_name ...

Because I'm new in Filebeat/ELK, please don't mind if I post wrong place,

Thanks in advance!

steffens · March 11, 2019, 2:25pm

The json log line is not parsed. That's why logger_name and thread_name are no actual fields. You have to enable json parsing in filebeat: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-log.html#filebeat-input-log-config-json

lijin_liu · March 12, 2019, 11:21am

Thanks for your help, works like a charm!

system · April 9, 2019, 11:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.