This is one of my log message.
time="2018-03-08T17:24:23+05:30" level=error msg="{\"Status\":\"404 Not Found\",\"StatusCode\":404,\"Body\":\"{\\\"error\\\":{\\\"code\\\":\\\"005056A509B11EE1B9A8FEC11C21D78E\\\",\\\"message\\\":{\\\"lang\\\":\\\"en\\\",\\\"value\\\":\\\"Resource not found for the segment 'BAPI_ALM_NOTF_GET_DETAILSet(Number='10000249')'.\\\"},\\\"innererror\\\":{\\\"transactionid\\\":\\\"5AA0193184AA6D54E10000000AA00F06\\\",\\\"timestamp\\\":\\\"20180308112628.5835200\\\",\\\"Error_Resolution\\\":{\\\"SAP_Transaction\\\":\\\"Run transaction /IWFND/ERROR_LOG on SAP Gateway hub system and search for entries with the timestamp above for more details\\\",\\\"SAP_Note\\\":\\\"See SAP Note 1797736 for error analysis (https://service.sap.com/sap/support/notes/1797736)\\\"}}}}\"}" api="/sap/worder_srv/get_notification/10000249" code=500 tenantid=1 username=admin
I used below logstash config file's filter for it.
filter {
kv{}
mutate {
gsub => [
"msg", "/", ""
]
}
}
but it gives for msg filed following result.
"msg" => "{\\"
I want to get it as json array. How can I do this? please help me.