OK, good... many thanks for the help.
I have another problem.
2017-07-13 13:32:32,562 | WARN | ...other words.. {"request":{"cks":31155,"terminal"....}
I can extract a line where there is a WARN, but I also want to extract and process the JSON that is there after it: {"request":{"cks":31155,"terminal"........}
I'm trying with this conf:
filter {
  grok {
    match => ["message", "(?<check>).*\| WARN \|.*(?<check_json>){\"request\".*}"]
    break_on_match => true
    add_field => {"type" => "log_warn"}
  }
  if !( "" in [check]){drop{}}
  mutate {
    remove_field => ["path","host","check"]
    add_tag => [ "WARNING" ]
  }
  if "_grokparsefailure" in [tags] {drop {}}
  else {
    json {
      source => "check_json"
    }
  }
}
what do you think?
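
One way to capture the JSON that follows the WARN marker, as an added example that is not part of the original post. The named group wraps the whole `{"request"...}` object, and the `json` filter writes into a `payload` field (a name assumed here) so that keys inside the logged JSON cannot overwrite event fields such as `type` or `tags`.

```logstash
filter {
  grok {
    # Single-quoted pattern, so the double quotes need no escaping.
    # The capture group encloses the JSON object itself; an empty
    # group such as (?<check_json>) would capture nothing.
    match => { "message" => '\| WARN \|.*?(?<check_json>\{"request".*\})' }
    # These two options are applied only when the pattern matches.
    add_field => { "type" => "log_warn" }
    add_tag   => [ "WARNING" ]
  }

  # Lines that are not WARN, or that carry no {"request"...} object.
  if "_grokparsefailure" in [tags] {
    drop { }
  }

  json {
    source => "check_json"
    # Without a target the parsed keys are merged into the root of the
    # event, where a key in the logged JSON could replace "type",
    # "tags" or "message". "payload" is an assumed field name.
    target => "payload"
    # Malformed JSON is tagged instead of being silently accepted.
    tag_on_failure => [ "_jsonparsefailure" ]
    # Removed only when parsing succeeds, so the raw text is kept
    # for inspection on events tagged _jsonparsefailure.
    remove_field => [ "check_json" ]
  }

  mutate {
    remove_field => [ "path", "host" ]
  }
}
```

The request fields then appear under `[payload][request]`, for example `[payload][request][cks]`.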