How to fetch nested json data in separate fields

bharti · September 25, 2023, 5:08am

Hello
I need a little help.
I want to fetch some nested json data into separate fields

input {
  beats {
    port => 5044
  }
}
filter {
    if "/var/log/ABC.log"  in [log][file][path] {
      grok {
         match => { "message" => '^%{GREEDYDATA}"Status":"%{WORD:Status}"%{GREEDYDATA}$' }
      }

     grok {
        match => { "message" => '^%{GREEDYDATA}"TransactionNumber":"%{NUMBER:TransactionNumber}"%{GREEDYDATA}$' }

     }
     grok {
        match => { "message" => '^%{GREEDYDATA}"CountryCode":"%{WORD:CountryCode}"%{GREEDYDATA}$' }

     }
     grok {
        match => { "message" => '^%{GREEDYDATA}"RequestID":"%{WORD:RequestID}"%{GREEDYDATA}$' }

     }
     grok {
        match => { "message" => '^%{GREEDYDATA}"Amount":"%{NUMBER:Amount}"%{GREEDYDATA}$' }

     }
     grok {
        match => { "message" => '^%{GREEDYDATA}"SubCategory":"%{WORD:SubCategory}"%{GREEDYDATA}$' }

     }
     grok {
        match => { "message" => '^%{GREEDYDATA}"CustomerID":"%{WORD:CustomerID}"%{GREEDYDATA}$' }

     }
     grok {
        match => { "message" => '^%{GREEDYDATA}"CustomerNumber":"%{WORD:CustomerNumber}"%{GREEDYDATA}$' }

     }
 }
}

above is my logstash config

bharti · September 25, 2023, 5:23am

My sample json

{"Tksp":{"ServiceInterface":{"Channel":{"HostIP":{"Type":"IPV4","Value":"0.0.0.0"}},
"Name":"ABC.COM","Type":"AGENT"},"Device":{"IP":{},"OS":"web","Version":"117"},
"Name":"ABC","Type":"TRANSACTION",
"Response":{"Code":"0","Message":"SUCCESS","Status":"PENDING","HostCode":"17","HostMessage":"authentication required",
"Parameter":
[{"Name":"responseData",
"Value":"{"authenticationsRequired":[{"authToken":"abcd-1234-xyz","message":"Enter the otp code send to the customer"}"},
{"Name":"transactionId","Value":"null"},{"Name":"authenticationRequestID","Value":"fund_transferd12345"}]}},
"Security":{},"TransactionData":{"CountryCode":"AB","Currency":"INR","CustomerDetails":{"Operator":"ABC XYZ","Name":"DEF JKL",
"TerminalId":"098765","TerminalLocation":",","CountryCode":"AB","AgentId":"12345","CreditAcctNumber":"1234567890","DebitAcctNumber":"1234567890",
"CardNumber":"123456","AuthPerformed":"otp","AuthResult":"FAILED","BioenrollFlag":false,"BioenrollStat":false,"BioenrollDate":"",
},
"GLAgent":{"Commission":"0","Discount":"0","Fee":"0","STax":"0","SurCharge":"0","TotalAmount":"12000","VAT":"0","Formulae":"AMT","LedgerOperation":"DR"},
"RequestID":"12345678998765432","ServiceDetail":{"BusinessCategory":"B2B","Denomination":"AB","Partner":"ABC",
"SubCategory":"TRANSFER","UserType":"AGENT"},"TimeStamp":"22-09-2023 05:28:07AM","TransactionDescription":"Transfer",
"TransactionNumber":"9876543212345677",
"HistoryTransactionNumber":"dRa8uPPCaK0qCC4l4TVS1fjc5LIxWAJTPCAy8rs1SkchZwjgTWNQ7Ydj9Q3qRU3AKv/qS/FeL7gMb8IzMtmu9A==","Amount":"12000",
"TransactionType":"TRANSFER_EMPLOYEE","TransactionChannel":"AGENT","LanguageCode":"EN","origTxnId":""}}}

there is one Response json there within the whole json
so I want that response data in separate fields like
code
Message
HostCode
Status
HostMessage

need this separately
please help me out

system · October 23, 2023, 5:23am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash : How to extract a nested field from Json log and only index the content of the nested field Logstash	6	1752	November 24, 2022
How to create fields from nested fields for json data in logstash Logstash	9	726	July 31, 2020
Parsing nested JSON fields to separate fields Logstash	3	599	October 23, 2020
Logstash nested json parsing,getting every nested json as seperate field Logstash	13	2727	April 21, 2023
Parsing nested JSON in message field [Logstash][Filebeat] Logstash	1	807	April 9, 2019

How to fetch nested json data in separate fields

Related topics