How to parse json responses in logs

clandestino_bgd · December 22, 2015, 12:08pm

Hello, could somebody help me figuring this out?
I have the log file (containing server json responses) in the following format

{"success":true,"data":{"field1":"value1", "field2":"value2"}}
{"success":true,"data":{"field1":"value11", "field2":"value22"}}
{"success":false,"data":{"Exception blah blah"}}
{"success":true,"data":{"field1":"value111", "field2":"value222"}}

and I would like to create a documents in elasticsearch of the type myevent
with fields: field1 and field2 only if success was true

I had multiple failed attempts with codec => json
json filters, grok patterns, but no luck.

Thank you,
Milan

warkolm · December 23, 2015, 1:45am

Using input{ stdin { codec=>json } } breaks things down correctly.

Then you probably want to do a conditional + grok on the value of the success field and from that rebuild the message

clandestino_bgd · December 23, 2015, 9:03am

Thanks. Sadly, it doesn't. It stores the whole json under source in ES document.
I want to store only content of "data" field in the ES source, as explained in the original question.