2022-02-01 01:25:45.778-[ActivationSrvc-28] com.verizon.vnm.activation.ejb.helper.ActivationRequestHelper.nbaReqResponse(ActivationRequestHelper.java:3313) INFO {"VSAD_ID":"ABFD","log_type":"","app_name":"ABC","VAST_ID":100,"function_name":"","log_time_stamp":null,"true_ip":"","Browser_thumbprint":"","View_port_x":"","View_port_y":"","Clicked_element":"","Click_x":"","Click_y":"","user_agent":"","user_device":"","logger_class":"","status_code":null,"page_name":"","customer_type":"IVAPP_PCRF","api_url":"","page_referer":"","http_verb":"","function_path":"","app_version":"","server_host":"","server_port":null,"app_flow":"","log_level":"","app_type":"WEBAPP(Java)","app_environment":"","log_message":"","app_session_id":"","sso_session_id":"","logged_in_user_id":"","journey_entry_point":"","type_alias":"","is_valued_transaction":"","transaction_value":"","is_account_info_view":"","account_info_view_type":"","is_account_info_change":"","account_info_change_type":"","app_level_info":null,"result_status":"V0000","response_size":"","version":1,"tid":"BCXVVCRF","transaction_id":"null","order_number":"","request_type":"PCQUERY"}
I want to parse only the content starting from {"VSAD_ID: till end and push it to external system using logstash config. I tried below grok filter but I am getting error as below
"Unexpected character ('-' (code 45)): Expected space separating root-level values\n
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} -\[%{DATA:instance}\] %{JAVACLASS:class}.%{WORD:method}(%{JAVAFILE:file}:%{NUMBER:line}) %{LOGLEVEL:log_level}%{SPACE}%{GREEDYDATA:main_message}" }
}
}
Can someone help me out here pls.
I am ok if someone can show a way where I can ignore the content of the line till INFO and only consider from {"VSAID_ID