Help with JSON output format

aganatra13 · June 18, 2017, 8:37am

Can someone help me with writing correct configuration file such that JSON output

Does not contain metadata like source file name, time stamp, host name etc..
Each column in input does not become a JSON document

Listed below is a line from input file and 2 rows from output file.

Input file format:
1|Toy Story (1995)|01-Jan-1995||http://us.imdb.com/M/title-exact?Toy%20Story%20(1995)|0|0|0|1|1|1|0|0|0|0|0|0|0|0|0|0|0|0

Current JSON output:
{"path":"C:\ml-100k\ml-100k\u.item","@timestamp":"2017-06-18T10:08:49.210Z","@version":"1","host":"WIN-KALHJUSVJJU","message":"1"}{"path":"C:\ml-100k\ml-100k\u.item","@timestamp":"2017-06-18T10:08:49.225Z","@version":"1","host":"WIN-KALHJUSVJJU","message":"Toy Story (1995)"}

Thank you,
Amit

warkolm · June 18, 2017, 9:09am

1 - You can use remove_field for some of this.
2 - Depends on what your config looks like now.

If you are having issues then posting the specifics would be good.

aganatra13 · June 18, 2017, 7:14pm

Listed is the config file. Any pointers or examples on how to implement the remove_fields ?

input{
file {
path => "C:\ml-100k\ml-100k\u.item"
start_position => ["beginning"]
delimiter => "|"
sincedb_path => "nul"
}
}

filter {
}

output {
file {
codec => json
path => "C:\items.json"
}

}

warkolm · June 18, 2017, 11:59pm

You should really use something like the csv filter to properly structure the event.

That has remove field too. https://www.elastic.co/guide/en/logstash/current/plugins-filters-csv.html

Topic		Replies	Views
Remove_Field json path on logstash Logstash	5	450	May 9, 2022
Parse JSON input file, extract fields and write them in output file Logstash	1	461	January 19, 2021
How to write filter part in my conf file for json file as input Logstash	1	522	May 17, 2017
Json Transform in Logstash Logstash	4	382	September 11, 2019
Logstash json input file only required fields to output Logstash	11	606	September 20, 2023

Help with JSON output format

Related topics