How to parse JSON data in Logstash

Elastic Stack Logstash
1

I am parsing a .txt file which have json format values . When I try to parse the file using JSON filter the data is not getting parsed.

Logstash.config

 input {
    beats{
 		port => 7360
 		codec => "json"
 		}
 }
 
 filter{	
 		json{
 		  source => "message"
 		}
 	 
 }
 
 output{
 	
 		elasticsearch {
 		index => "logstash-json_sample"
 		hosts => ["xxxxxx:9200"]	
 		}
 	
 }

Filebeat.config

filebeat.prospectors:
- input_type: log

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /zzz/sample/ddd/*.txt

  multiline.pattern: ^\[,
  multiline.negate: true
  multiline.match: after

output.logstash:
  hosts: ["xxxxxx:7360"]

Log file

[
    {
        "timestamp": "2018-01-11T20:55:20.373Z",
        "service": "hdfs",
        "command": "listStatus",
        "resource": "/user/share/lib",
        "allowed": true,
        "serviceValues": {
            "src": "/user/share/lib",
            "permissions": null,
            "delegation_token_id": null,
            "dest": null
        }
    },
    {
        "timestamp": "2018-01-11T20:55:11.000Z",
        "service": "imp",
        "command": "USE",
        "resource": "null:atscale",
        "operationText": "USE atscale",
        "allowed": true,
        "serviceValues": {
            "operation_text": "USE atscale",
            "database_name": null,
            "object_type": "DATABASE",
            "privilege": "ANY",
            "status": ""
        }
    },
	......
	.......
	.....
]

NOTE: Log file is huge file Ijust provided the sample

2

Comment out your elasticsearch output and add a stdout { codec => rubydebug } output so you can easily dump the events coming out of Logstash. What are you currently getting?

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.