Hy Everyone
myfile.log
17:54:24,429 DEBUG ExUsernamePasswordAuthenticationFilter.successfulAuthentication():319 - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@4ab41e5e: Principal: {"lastName":"","address":null,"relativeIds":"135,117,118,120,124,","gender":"Male","city":433,"userId":4265,"firstName":"Shiv","mrTrendingTags":"#निरोगी जिवन\t\t#आरोग्याचे फायदे\t\t#आहार आणि पोषण\t\t#वजन कमी होणे\t\t#स्किनकेअर","imageUrl":"","name":"Shiv","middleName":"","enTrendingTags":"#Healthy Living\t\t#Health Benefits\t\t#Diet and Nutrition\t\t#Weight Loss\t\t#SkinCare","state":21,"email":"","key":"kuchbhi@1234"}; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 192.168.0.119; SessionId: ta5yfu0ukunudcea7j8t1ekd; Granted Authorities: com.kreativ.hellodox.core.components.security.PatientAccountDetails$1@57f53d7
logstash.conf
input {
file {
path => "/home/elk/Downloads/alllogs/myfile.log"
sincedb_path => "/dev/null"
start_position => "beginning"
}
}
filter {
grok{
match => {"message" => "%{TIME} %{WORD}\s(?<java_method>[^(]*)%{GREEDYDATA:message}\{%{GREEDYDATA:key_pairs}\}%{GREEDYDATA:more_data}"}
}
if "ExUsernamePasswordAuthenticationFilter.successfulAuthenticatio" in [java_method]
{
mutate {
gsub => [
"key_pairs", "[\\?\t?#-]", "",
"key_pairs", '"', '']
}
mutate {
split => ["key_pairs", ","]
}
}else{
drop { }
}
}
output {
stdout {}
}
Issue:
The output of this conf file is
"key_pairs" => [
[ 0] "lastName:",
[ 1] "address:null",
[ 2] "relativeIds:135",
[ 3] "117",
[ 4] "118",
[ 5] "120",
[ 6] "124",
[ 7] "",
[ 8] "gender:Male",
[ 9] "city:433",
[10] "userId:4265",
[11] "firstName:Shiv",
[12] "mrTrendingTags:निरोगी जिवनttआरोग्याचे फायदेttआहार आणि पोषणttवजन कमी होणेttस्किनकेअर",
[13] "imageUrl:",
[14] "name:Shiv",
[15] "middleName:",
[16] "enTrendingTags:Healthy LivingttHealth BenefitsttDiet and NutritionttWeight LossttSkinCare",
[17] "state:21",
[18] "email:",
[19] "key:kuchbhi@1234"
]
Output Needed
"key_pairs" => [
[ 0] "lastName:",
[ 1] "address:null",
[ 2] "relativeIds:135","117","118","120","124",
[ 3] "gender:Male",
[ 4] "city:433",
[5] "userId:4265",
[6] "firstName:Shiv",
[7] "mrTrendingTags:निरोगी जिवनttआरोग्याचे फायदेttआहार आणि पोषणttवजन कमी होणेttस्किनकेअर",
[8] "imageUrl:",
[9] "name:Shiv",
[10] "middleName:",
[11] "enTrendingTags:Healthy LivingttHealth BenefitsttDiet and NutritionttWeight LossttSkinCare",
[12] "state:21",
[13] "email:",
[14] "key:kreativsarg@1234"
]
Here is the issue with relativeIds key beacause values inside relativeIds changes it can be null also
Please help any suggestion will be helpful