Json message storing with message. extension in index

harijld · July 15, 2022, 9:24am

Hi Team, I have small query here.
I am sending json messag on Kafka queue and indexing the same in Elasticsearch. It is inserting properly but all the fields are storing with message.field extension. Is there any parameter do i need to include in the logstash config file to remove this message. extension.

logsstash config file -

input {
    kafka {
      bootstrap_servers => "XX.XX.XX.XX:9092"
          topics => ["logmes"]
    }
}

filter {

        json {
                source => "message"
             }
         }


output {
  elasticsearch {
    hosts => "https://XX.XX.XX.XX:9200"
    index => "tibco-app-logs"
    user => "elastic"
    password => "XXXXXXXXX"
    cacert => "/etc/logstash/elk-stack.crt.pem"
    ssl_certificate_verification => false
  }
}

Elasticsearch data -

Badger · July 15, 2022, 3:26pm

Since you have not given any indication what you JSON structure is, it is impossible to say.

system · August 12, 2022, 3:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash pipeline for kafka message Logstash	4	397	July 27, 2022
Elastic Search using Message Content Parse with Logstash Logstash	6	976	January 26, 2022
Logstash Filter \|\| Json Message to Split Fields Logstash	3	2121	October 14, 2019
Configuring message_key kafka output plugin Logstash	3	1359	March 27, 2018
Json filter message filed Logstash	4	270	July 7, 2020

Json message storing with message. extension in index

Related topics