JSON log format

Mykolaichenko · March 28, 2016, 8:32am

Hi!
I have filebeat, logstash and json log format in application.
It looks like this:

{"timestamp":1459152943492,"date":"Mar 28, 2016 10:15:43 AM","hostname":"hostname","username":"tomcat","level":"INFO","thread":"SimpleAsyncTaskExecutor-3","classname":"com.ju.source.download.service.DownloadServiceImpl","filename":"DownloadServiceImpl.java","linenumber":159,"methodname":"downloadSources","message":"full message here"}

How can i ship it to Elastic more quickly and maybe community have best practise for this?)

Not its working like this:

if [type] == "json" {
json {
source => "message"
}
}

It works pretty good, but some problems goes on too:

I will not use any filters
Timestamp not matched to real field and matched as additional
Thats all

Maybe anyone have experience with json?

magnusbaeck · March 28, 2016, 8:38am

Not its working like this:

Did you mean "now it's working like this" or did you actually mean that it isn't working?

About your questions:

We can't help without getting your full configuration and an example input event.
I don't understand the question fully, but it sounds like you don't have a date filter or that it's incorrectly configured. Again, seeing your configuration and example event would make it posisble to help.

Mykolaichenko · March 30, 2016, 4:02pm

Yep, its working now)
I will find best practices for Json processing.

Topic		Replies	Views
Problem with JSON logs Beats filebeat	3	558	March 9, 2019
JSON timestamp coming as text Logstash	7	381	November 24, 2023
Having trouble parsing my JSON apache log using Logstash Logstash	5	149	March 18, 2024
Json format and types Beats filebeat	3	3054	August 9, 2018
Need help with parsing json fields Logs	4	3700	April 15, 2019

JSON log format

Related Topics