JSON Filter target doesn't work

AndreAga · April 28, 2017, 12:02pm

Hi,
this is my Grok + JSON Filter:

grok {
	match => { "message" => ".* \| URL: (?<url>[^ ]*) - Request: (?<request_json>(.|\r|\n)*) - Response: (?<response_json>(.|\r|\n)*)" }
}

if [request_json] != "---" {
	json {
		source => "request_json"
		target => "request"
	}
}

if [response_json] != "---" {
	json {
		source => "response_json"
		target => "response"
	}
}

I'm using logstash 5.3, and the result is that if I use the option target the log is not indexed, otherwise, if I comment it, the logs is indexed correctly.

Any suggestion? Thanks.

system · May 26, 2017, 12:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.