JSON Filter target doesn't work

AndreAga · April 28, 2017, 12:02pm

Hi,
this is my Grok + JSON Filter:

grok {
	match => { "message" => ".* \| URL: (?<url>[^ ]*) - Request: (?<request_json>(.|\r|\n)*) - Response: (?<response_json>(.|\r|\n)*)" }
}

if [request_json] != "---" {
	json {
		source => "request_json"
		target => "request"
	}
}

if [response_json] != "---" {
	json {
		source => "response_json"
		target => "response"
	}
}

I'm using logstash 5.3, and the result is that if I use the option target the log is not indexed, otherwise, if I comment it, the logs is indexed correctly.

Any suggestion? Thanks.

system · May 26, 2017, 12:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Why is this logstah filter not working as intended? Logstash	2	290	September 13, 2020
Another Filter is not work after json filter Logstash	11	741	April 25, 2018
My ruby filter doesn't work Logstash	7	667	January 8, 2021
BUG: JSON Filter Plugin needs target? Logstash	4	433	October 9, 2018
Grok filter if [type] Logstash	5	6103	January 16, 2017

JSON Filter target doesn't work

Related topics