Hi,
I am new to ELK, and trying to send the JSON data to elasticsearch, if the JSON format is given wrongly the Es is adding a document with "-".
Can you please help me in avoiding the wrong input JSON.
My script:
input {
file {
path => ["/dev/elk/data/sample.json"]
start_position => "beginning"
discover_interval => 10
stat_interval => 10
sincedb_write_interval => 10
close_older => 10
codec => multiline {
pattern => "\n"
negate => true
what => "previous"
}
}
}
filter {
json {
source => "message"
tag_on_failure => ["_jsonparsefailure"]
skip_on_invalid_json => false
ignore_failure => false
if "_jsonparsefailure" in [tags] {
drop { }
}
}
}
output {
if "_jsonparsefailure" not in [tags] {
elasticsearch {
hosts => ["localhost:9200"]
index => "index1"
document_type => "indexdoc1"
}
}