JSON log format

Elastic Stack Logstash
1

Hi!
I have filebeat, logstash and json log format in application.
It looks like this:

{"timestamp":1459152943492,"date":"Mar 28, 2016 10:15:43 AM","hostname":"hostname","username":"tomcat","level":"INFO","thread":"SimpleAsyncTaskExecutor-3","classname":"com.ju.source.download.service.DownloadServiceImpl","filename":"DownloadServiceImpl.java","linenumber":159,"methodname":"downloadSources","message":"full message here"}

How can i ship it to Elastic more quickly and maybe community have best practise for this?)

Not its working like this:

if [type] == "json" {
json {
source => "message"
}
}

It works pretty good, but some problems goes on too:

  1. I will not use any filters
  2. Timestamp not matched to real field and matched as additional
  3. Thats all :slight_smile:

Maybe anyone have experience with json?

2

Not its working like this:

Did you mean "now it's working like this" or did you actually mean that it isn't working?

About your questions:

  1. We can't help without getting your full configuration and an example input event.
  2. I don't understand the question fully, but it sounds like you don't have a date filter or that it's incorrectly configured. Again, seeing your configuration and example event would make it posisble to help.
3

Yep, its working now)
I will find best practices for Json processing.