Hi Team,
I'm facing issue to parse json in a json. Below is my sample log. Using Json formate in logstash it is working fine. But now I want to parse fields that are in "txn_pl_resp" (i.e. code & message)
Using ELK version 5.4.
{
"app_name": "myapp",
"txn_id": "6816250463",
"txn_ts": "2020-02-28 13:19:35.556269",
"txn_end_ts": "2020-02-28 13:19:35.606198",
"email_id": "abc@yahoo.co.in",
"txn_type": "LOGIN_TMSTMP",
"txn_catgry": "Cache_DB",
"txn_method": "POST",
"txn_host": "xyz.itm",
"txn_dur": "50.061",
"txn_status": "SUCCESS",
"txn_pl_req": "'POST|xyz@yahoo.co.in|{"reqst":"LOGIN_TMSTMP"}'",
"txn_pl_resp": "'{"status":{"code":"200","message":"SUCCESS : Login successful for user xyz@yahoo.co.in"},
"body":{"current_timestamp":"20200228184935","previous_timestamp":"20200125163533"}
}
Below is my current Logstash config file setting, Please suggest what changes need to be done -
filter {
if [type] == "myapp-log" {
json {
source => "message"
}
}
}output {
if [type] == "myapp-log" {
elasticsearch {
hosts => ["0.0.0.0:9200","10.10.10.10:9200""]
index => "<myapp-{now/d}>"
workers => 4
}
}
}