Hi, I'm learning the Logstash filter concept in a little more depth. I have a sample log message; I want to aggregate the events, group particular events, and give the fields custom labels.
This is my sample log message. Could someone guide me?
[{
"logID": 1,
"organizationID": 1,
"userID": 1001,
"appID": 123,
"moduleID": 1,
"screenID": 213,
"timeStamp": "2017-03-15 10:06:26",
"action": "Login",
"purpose": "log",
"role": "Doctor",
"location": "Hospital",
"ipaddress": "192.168.1.3",
"networkType": "desktop",
"method": "getAll",
"category": "normal",
"description": "successfully logged in"
}, {
"logID": 2,
"organizationID": 1,
"userID": 201,
"appID": 201,
"moduleID": 2,
"screenID": 224,
"timeStamp": "2017-03-15 10:36:06",
"action": "Login",
"purpose": "log",
"role": "Nurse",
"location": "Clinic",
"ipaddress": "192.168.2.6",
"networkType": "tablet",
"method": "addVitals",
"category": "minor error",
"description": "error logged"
}, {
"logID": 3,
"organizationID": 1,
"userID": 1245,
"appID": 654,
"moduleID": 2,
"screenID": 225,
"timeStamp": "2017-03-15 10:46:26",
"action": "Book_apt",
"purpose": "log",
"role": "Patient",
"location": "public",
"ipaddress": "192.178.1.5",
"networkType": "mobile",
"method": "getByID",
"category": "severe error",
"description": "error logged"
}, {
"logID": 4,
"organizationID": 1,
"userID": 1001,
"appID": 123,
"moduleID": 1,
"screenID": 213,
"timeStamp": "2017-03-15 11:16:26",
"action": "Logout",
"purpose": "log",
"role": "Doctor",
"location": "Hospital",
"ipaddress": "192.168.1.3",
"networkType": "desktop",
"method": "getAll",
"category": "normal",
"description": "successfully logged out"
}, {
"logID": 5,
"organizationID": 1,
"userID": 2365,
"appID": 321,
"moduleID": 3,
"screenID": 654,
"timeStamp": "2017-03-15 11:56:36",
"action": "Find_doctor",
"purpose": "log",
"role": "Patient",
"location": "public",
"ipaddress": "192.178.6.8",
"networkType": "desktop",
"method": "getByName",
"category": "normal",
"description": "Doctor found"
}]