How to parse json responses in logs

clandestino_bgd · December 22, 2015, 12:08pm

Hello, could somebody help me figuring this out?
I have the log file (containing server json responses) in the following format

{"success":true,"data":{"field1":"value1", "field2":"value2"}}
{"success":true,"data":{"field1":"value11", "field2":"value22"}}
{"success":false,"data":{"Exception blah blah"}}
{"success":true,"data":{"field1":"value111", "field2":"value222"}}

and I would like to create a documents in elasticsearch of the type myevent
with fields: field1 and field2 only if success was true

I had multiple failed attempts with codec => json
json filters, grok patterns, but no luck.

Thank you,
Milan

warkolm · December 23, 2015, 1:45am

Using input{ stdin { codec=>json } } breaks things down correctly.

Then you probably want to do a conditional + grok on the value of the success field and from that rebuild the message

clandestino_bgd · December 23, 2015, 9:03am

Thanks. Sadly, it doesn't. It stores the whole json under source in ES document.
I want to store only content of "data" field in the ES source, as explained in the original question.

Topic		Replies	Views
Is it possible to use the json codec along with a json filter to further parse things into other fields? Logstash	9	1950	March 26, 2018
JSON Parsing Error - Logstash Logstash	2	312	January 2, 2020
Parse json "message" into separate fields in Kibana Logstash	3	8380	February 15, 2019
Logstash json filter parsed fields cannot be read within logstash Logstash	5	402	March 13, 2017
How to parse the json string Logstash	2	275	January 3, 2021

How to parse json responses in logs

Related topics