JSON file parse error

Hi, I am trying to parse a JSON file with this structure:

    "plugin": "cloudtrailBucketAccessLogging",
    "category": "CloudTrail",
    "title": "CloudTrail Bucket Access Logging",
    "description": "Ensures CloudTrail logging bucket has access logging enabled to detect tampering of log files",
    "resource": "arn:aws:s3:::cloudtrail",
    "region": "eu-west-1",
    "status": "FAIL",
    "message": "Unable to locate S3 bucket, it may have been deleted",
    "compliance": "CIS1: 2.6 Ensure CloudTrail bucket access logging is enabled"
    "plugin": "cloudtrailToCloudwatch",
    "category": "CloudTrail",
    "title": "CloudTrail To CloudWatch",
    "description": "Ensures CloudTrail logs are being properly delivered to CloudWatch",
    "resource": "arn:aws:cloudtrail:eu-west-1:XXXXXXXX:trail/CloudTrail",
    "region": "us-east-1",
    "status": "FAIL",
    "message": "CloudTrail CloudWatch integration is not enabled",
    "compliance": "CIS1: 2.4 Ensure CloudTrail trails are integrated with CloudWatch Logs"

But I am getting errors. Is there any way to parse this kind of files?


What configuration are you using to parse it and what errors are you gettting?

Here is my configuration.I have tried several different configuration that I have found from your answers in posts.

s3 {
          access_key_id       => "${vault:devops/data/AWS/IAM/Users/Logstash#ACCESS_KEY_ID}"
          secret_access_key   => "${vault:devops/data/AWS/IAM/Users/Logstash#SECRET_ACCESS_KEY}"
          bucket              => "devops-vulnerabilities"
          region              => "eu-west-1"
          prefix              => "AWS/CloudSploit"
          codec               => multiline { 
                                  pattern => "^Spalanzani"
                                  negate => true
                                  what => previous
                                  auto_flush_interval => 1
          #codec               => "json"
          add_field           => { "Vulnerability" => "true" }
          additional_settings => {
            force_path_style => true
            follow_redirects => false
filter {
        if [Vulnerability] == "true" {
          split { field => "someField" }

Here are the errors

:exception=>#<LogStash::Json::ParserError: Unexpected end-of-input within/between Object entries

Thank you very much!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.