Getting Json parsing exception in logstash.filters.json

Arpit_Pruthi · March 13, 2020, 10:52am

This is my logstash config :-

input { stdin { } } 
    filter {
    grok{ 
    patterns_dir => ["./patterns"] 
    match => {"message" => "^abc-logs:%{TEMP:msg}"
    }} 
    json{source => "msg"} 
    kv{
    source => "msg" 
    trim_value => "{}" 
    field_split => "\s*,\s*"
    }} 
    output { stdout {} }

This is my patterns file:-

TEMP (%{SPACE}*([a-zA-z]+%{SPACE}*)+=?%{SPACE}*{%{NUMBER}}?%{SPACE}*,?%{SPACE}*)+

Everything works fine I get the final required output for my input example:-

{
           "msg" => "Id={2},inni={3}",
       "message" => "abc-logs:Id={2},inni={3}",
      "@version" => "1",
          "host" => "arpit.pruthi",
    "@timestamp" => 2020-03-13T09:37:31.807Z,
          "tags" => [
        [0] "_jsonparsefailure"
    ],
          "inni" => "3",
       "Id" => "2"
}

Id and inni comes in json but I also get the exception as :-

[logstash.filters.json ] Error parsing json {:source=>"msg", :raw=>"Id={2},inni={3}", :exception=>#<LogStash::Json::ParserError: Unrecognized token 'Id': was expecting ('true', 'false' or 'null')

Please help

Badger · March 13, 2020, 5:49pm

That's not valid JSON, so I would not expect a json filter to be able to parse it.

system · April 10, 2020, 5:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.