How to parse json logs in logstash

hassnain · April 13, 2022, 3:32pm

{"className":"HomePageBusiness.java","msisdn":"912345678902","method":"HOMEPAGE","externalAPI":"My project info","message":"Delta this is successfull","timestamp":"2022/04/06 21:49:14","timeElapsed":"0:0:0:109"}

This is a custom generated logs pattern for monitoring API response which is 109 milliseconds in last. I want to show it on kibana, I am really a newbie, can someone help me to convert this unstructured data into structured data. Please guide how to write logstash filter for it.

Badger · April 13, 2022, 7:02pm

That is JSON, so you can use a json filter to parse it.

json { source => "message" remove_field => [ "message" ] }

To show the response time in kibana it will probably be better to normalize timeElapsed to milliseconds

    ruby {
        code => '
            timeElapsed = event.get("timeElapsed")
            if timeElapsed
                timeElapsed = timeElapsed.split(":")
                if timeElapsed.length == 4
                    event.set("timeElapsedMs", timeElapsed[3].to_i + 1000 * timeElapsed[2].to_i + 60000 * timeElapsed[1].to_i + 3600000 * timeElapsed[0].to_i)
                end
            end
        '
    }

system · May 11, 2022, 7:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
_dateparsefailure in Kibana Kibana	2	318	April 1, 2021
Json logs with a field named "time", won´t be shown in kibana Logstash	1	359	December 27, 2017
Parse logs Logstash	12	3262	July 6, 2017
Json logstash Logstash	6	781	August 14, 2017
Logstash file for parsing JSON data Logstash	6	7081	July 6, 2017

How to parse json logs in logstash

Related topics