How to fetch nested json data in separate fields

bharti · September 25, 2023, 5:08am

Hello
I need a little help.
I want to fetch some nested json data into separate fields

input {
  beats {
    port => 5044
  }
}
filter {
    if "/var/log/ABC.log"  in [log][file][path] {
      grok {
         match => { "message" => '^%{GREEDYDATA}"Status":"%{WORD:Status}"%{GREEDYDATA}$' }
      }

     grok {
        match => { "message" => '^%{GREEDYDATA}"TransactionNumber":"%{NUMBER:TransactionNumber}"%{GREEDYDATA}$' }

     }
     grok {
        match => { "message" => '^%{GREEDYDATA}"CountryCode":"%{WORD:CountryCode}"%{GREEDYDATA}$' }

     }
     grok {
        match => { "message" => '^%{GREEDYDATA}"RequestID":"%{WORD:RequestID}"%{GREEDYDATA}$' }

     }
     grok {
        match => { "message" => '^%{GREEDYDATA}"Amount":"%{NUMBER:Amount}"%{GREEDYDATA}$' }

     }
     grok {
        match => { "message" => '^%{GREEDYDATA}"SubCategory":"%{WORD:SubCategory}"%{GREEDYDATA}$' }

     }
     grok {
        match => { "message" => '^%{GREEDYDATA}"CustomerID":"%{WORD:CustomerID}"%{GREEDYDATA}$' }

     }
     grok {
        match => { "message" => '^%{GREEDYDATA}"CustomerNumber":"%{WORD:CustomerNumber}"%{GREEDYDATA}$' }

     }
 }
}

above is my logstash config

bharti · September 25, 2023, 5:23am

My sample json

{"Tksp":{"ServiceInterface":{"Channel":{"HostIP":{"Type":"IPV4","Value":"0.0.0.0"}},
"Name":"ABC.COM","Type":"AGENT"},"Device":{"IP":{},"OS":"web","Version":"117"},
"Name":"ABC","Type":"TRANSACTION",
"Response":{"Code":"0","Message":"SUCCESS","Status":"PENDING","HostCode":"17","HostMessage":"authentication required",
"Parameter":
[{"Name":"responseData",
"Value":"{"authenticationsRequired":[{"authToken":"abcd-1234-xyz","message":"Enter the otp code send to the customer"}"},
{"Name":"transactionId","Value":"null"},{"Name":"authenticationRequestID","Value":"fund_transferd12345"}]}},
"Security":{},"TransactionData":{"CountryCode":"AB","Currency":"INR","CustomerDetails":{"Operator":"ABC XYZ","Name":"DEF JKL",
"TerminalId":"098765","TerminalLocation":",","CountryCode":"AB","AgentId":"12345","CreditAcctNumber":"1234567890","DebitAcctNumber":"1234567890",
"CardNumber":"123456","AuthPerformed":"otp","AuthResult":"FAILED","BioenrollFlag":false,"BioenrollStat":false,"BioenrollDate":"",
},
"GLAgent":{"Commission":"0","Discount":"0","Fee":"0","STax":"0","SurCharge":"0","TotalAmount":"12000","VAT":"0","Formulae":"AMT","LedgerOperation":"DR"},
"RequestID":"12345678998765432","ServiceDetail":{"BusinessCategory":"B2B","Denomination":"AB","Partner":"ABC",
"SubCategory":"TRANSFER","UserType":"AGENT"},"TimeStamp":"22-09-2023 05:28:07AM","TransactionDescription":"Transfer",
"TransactionNumber":"9876543212345677",
"HistoryTransactionNumber":"dRa8uPPCaK0qCC4l4TVS1fjc5LIxWAJTPCAy8rs1SkchZwjgTWNQ7Ydj9Q3qRU3AKv/qS/FeL7gMb8IzMtmu9A==","Amount":"12000",
"TransactionType":"TRANSFER_EMPLOYEE","TransactionChannel":"AGENT","LanguageCode":"EN","origTxnId":""}}}

there is one Response json there within the whole json
so I want that response data in separate fields like
code
Message
HostCode
Status
HostMessage

need this separately
please help me out

Topic		Replies	Views
How to create fields from nested fields for json data in logstash Logstash	9	778	July 31, 2020
Logstash : How to extract a nested field from Json log and only index the content of the nested field Logstash	6	1961	November 24, 2022
Split row data to fields Logstash	7	2157	July 6, 2017
Extract nested json Logstash	2	701	March 16, 2021
Logstash in k8s - parsing nested json from MongoDB and get every nested json as separated field Logstash	3	315	October 3, 2023

How to fetch nested json data in separate fields

Related topics