Filebeat send json format log, kibana can't recognize filed

lijin_liu · March 11, 2019, 3:23am

Hello,

I'm new to filebeat/elk. My problem is the Kibana can't recognize the field in my log.

The log content looks(via less log.log):

...
{"@timestamp":"2019-03-11T03:01:53.205+00:00","@version":"1","message":"spread not regression","logger_name":"com.arbitrage.tactics.hedge.FSHedgeTactics","thread_name":"Tactics-Worker","level":"INFO","level_value":20000}
...

the filebeat config:

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /svc/arbitrage/log-logstash/arbitrage.log

output.elasticsearch:
  hosts: ["xxx"]

filebeat.config:
  modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

filebeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true
~

After I run filbert/ELK, the logs appeared, as:

it can't recognize the logger_name, thread_name ...

Because I'm new in Filebeat/ELK, please don't mind if I post wrong place,

Thanks in advance!

steffens · March 11, 2019, 2:25pm

The json log line is not parsed. That's why logger_name and thread_name are no actual fields. You have to enable json parsing in filebeat: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-log.html#filebeat-input-log-config-json

lijin_liu · March 12, 2019, 11:21am

Thanks for your help, works like a charm!

system · April 9, 2019, 11:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat shipped json file : how to get needed fields? Logstash	2	835	July 6, 2017
Just one unknown field - Filebeat json parsing Beats filebeat	5	1071	July 2, 2020
Parse json data from log file into Kibana via Filebeat and Logstash Beats filebeat	10	9548	May 19, 2020
Filebeat 7.3.0 froze parsing multiline json Beats filebeat	1	569	October 3, 2019
Parse JSON data with filebeat Beats filebeat	8	59761	April 24, 2017

Filebeat send json format log, kibana can't recognize filed

Related topics