How to assign the json values to fields

Elastic Stack Logstash
1

hi my log message looks like this

{"applicationName":test, "FlowName":test, "key":"EmpID", "Value":"E103", "Domain": 0,"hostname":localhost,"cluster":, "LogStatus":"InProcess", "CurrentPayload":"E103", "FlowID":null, "LogMessage":"Retrieving User Details" }

I am trying to extract all the details of the values and assign them to fields

Desired output example :- applicationName(Field) : test

my config file looks like this

input {
stomp {
host => "10.0.0.235"
destination => "test"
}
}

filter {
json{
source => "message"
}

split {
    field => "message"
}

     mutate {
            add_field => {
                    "applicationName" => "%{[message][applicationName]}"
                    "FlowName" => "%{[message][FlowName]}"
                    "key" => "%{[message][key]}"
                    "Value" => "%{[message][Value]}"
                    "Domain" => "%{[message][Domain]}"
                    "hostname" => "%{[message][hostname]}"
                    "cluster" => "%{[message][cluster]}"
                    "LogStatus" => "%{[message][LogStatus]}"
                    "CurrentPayload" => "%{[message][CurrentPayload]}"
                    "FlowID" => "%{[message][FlowID]}"
                    "LogMessage" => "%{[message][LogMessage]}"

}

remove_field => [ "[message]" ]
}
output {
elasticsearch { hosts => ["localhost:9200"]
hosts => "localhost:9200"
manage_template => false
index => "activemq-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

appreciate any help I can get on this. thankyou

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.