Insert json string (logtastsh ) - SOLVED

rocavalcante · June 10, 2017, 7:34pm

Hello, I would like to add a json string in the logstash output, and in the future save the output "call output_db" in a postgreSQL database, however, I still can not get the initial step of inserting the whole string into the logstash output.

logstash.conf:
input {
beats {
port => "5043"
type => "json"
}

}

filter {

grok { 
     match => [ "message", "%{GREEDYDATA}"]
}

  json{
      source => "message"
      add_field => { "output"=> {"from":"workstationSMD","event":{"product":{},"moment":"2015121418011800","status":{},"data":"%{message}"}}}

    
  }

}

output {

stdout {
       codec => json_lines

jdbc {

#        connection_string => "jdbc:postgresql://myip/database"
 #       username => "myuser"
  #      password => "mypassword"
   #     statement => [ INSERT INTO logstash_log(log_received)VALUES ('output_db'); ]
        
    #     }
}

}

magnusbaeck · June 11, 2017, 8:23pm

Have a look a the json_encode filter for producing the JSON string. Once that's working, reference it in the jdbc output with the standard %{name-of-field} syntax.

rocavalcante · June 12, 2017, 12:41am

Thanks Magnus!

And on the json string in a single field, is it possible? I already researched a lot using json and mutate filter but I was not successful.
add_field => { "output"=> {"from":"workstationSMD","event":{"product":{},"moment":"2015121418011800","status":{},"data":"%{message}"}}}

magnusbaeck · June 12, 2017, 6:01am

And on the json string in a single field, is it possible?

Sorry, I don't understand.

add_field => { "output"=> {"from":"workstationSMD","event":{"product":{},"moment":"2015121418011800","status":{},"data":"%{message}"}}}

To build a structure like this in Logstash you need to do this:

add_field => {
  "[output][from]" => "workstationSMD"
  "[output][event][moment]" => "2015121418011800"
  "[output][event][data]" => "%{message}"
}

I don't think you can create empty hashes (objects) in this manner. You probably need to use a ruby filter for that.

Once you've done the above you should be able to pass the output field to the json_encode filter.

rocavalcante · June 12, 2017, 12:40pm

Thank you so much! Magnus! I will test

system · July 10, 2017, 12:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash filter to extract string from Json in postgresql table Logstash	6	1289	August 21, 2018
Json Parsing Logstash	8	287	November 10, 2021
Split filter and add_field encoding object to a JSON string Logstash	8	306	August 24, 2023
MySQL > JDBC > Logstash > Elastic Logstash	3	1055	June 13, 2017
Add field from JSON / logstash filter Logstash	4	8992	January 15, 2017

Insert json string (logtastsh ) - SOLVED

jdbc {

Related topics