How to parse message use ELK+Kafka

tod-yangyd · June 11, 2021, 5:02am

Recently I tried to analyzed the log with the stream：filebeat -> kafka ->logstash -> ES

The data stored in ES becomes the structure shown below：

{
   “_source”:{
           “@timestamp” :  "YYYY-MM-DDTHH:mm:ss.sss"
           "message":""" "@timestamp" :   "YYYY-MM-DDTHH:mm:ss.sss",  "message": "raw data"         """"  }
}

The "raw data" I actually want to parse is in message:{"message" : "raw data"}, which FileBeat didn't have to worry about when sending data directly to Logstash in the past, now that Kafka is added, what do I do?

tod-yangyd · June 11, 2021, 5:52am

Well, when I add "codec = >;Json ", the data is correct.....

system · July 9, 2021, 5:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing filebeat -> kafka -> logstash Logstash	2	3730	June 30, 2017
Loading dumped non-parsed ES data to Logstash Logstash	2	431	July 11, 2017
Converting filebeat message with logstash Logstash	2	136	July 24, 2023
Filebeat -> logstash, wrapping message and extra fields problems! Logstash	7	2088	May 16, 2017
Input from kafka to logstash Logstash	5	300	July 11, 2019

How to parse message use ELK+Kafka

Related topics