Hi,
I am trying to parse Mule logs using the Logstash grok filter. The Mule logs basically contain a logger in which I am printing nested JSON format. Using an if/else condition, I have used the drop filter to remove the unnecessary data, and I wish to parse the following log record:
INFO 2018-05-14 15:39:18,980 [[Realtime_flow].HTTP_Listener_Configuration.worker.01] org.mule.api.processor.LoggerMessageProcessor: {"versionId":"1.0","environment":{"organizationId":"XYZ","businessUnitId":"APPS","projectId":"ABC","environmentId":"DEV","serverId":"90.246.16.101"},"transaction":{"interfaceId":"interface01","sourceId":"DB","targetId":"XYZ"},"transactionDetail":{"correlationId":"dd820c30-575e-11e8-9bc5-40e920524153","businessId":"B04","executionTime":"2018-05-14 03:39:18:977","executionPoint":"Execution end point of interface01","executionMessage":"After completion of transaction","executionStatus":"SUCCESS","payload":{}}}
I want to write a grok filter to take the bold text (nested JSON in one field), but I am unable to write the filter for the same. I have tried the following filter, but I am not getting the data in separate fields. Can you please help me in writing the grok pattern?
grok
{
match => ["message", "%{LOGLEVEL:level}%SPACE%{TIMESTAMP_ISO8601:executiontime}%{SYSLOG5424SD}.%{JAVACLASS:class}%{BASE16FLOAT}%SPACE%{JAVACLASS:class1}:%SPACE{GREEDYDATA:jsonmsg}"]
}
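
A pipeline for the record shown in the post, as an added example that is not part of the original post: grok splits off the log prefix and a `json` filter expands the nested JSON into separate fields. The field names `logtime`, `thread`, `jsonmsg` and `mule` are assumptions chosen for illustration, and the sample line is an abridged copy of the record above.

```logstash
input {
  generator {
    count => 1
    # Abridged copy of the log record from the post (sample input)
    lines => [
      'INFO 2018-05-14 15:39:18,980 [[Realtime_flow].HTTP_Listener_Configuration.worker.01] org.mule.api.processor.LoggerMessageProcessor: {"versionId":"1.0","environment":{"environmentId":"DEV"},"transactionDetail":{"executionStatus":"SUCCESS","payload":{}}}'
    ]
  }
}

filter {
  grok {
    # Every pattern reference needs the %{NAME} form, including %{SPACE}.
    # \[%{DATA:thread}\] backtracks past the inner "]" because JAVACLASS
    # cannot start at ".HTTP_Listener...", so thread captures
    # "[Realtime_flow].HTTP_Listener_Configuration.worker.01".
    match => {
      "message" => "^%{LOGLEVEL:level}%{SPACE}%{TIMESTAMP_ISO8601:logtime}%{SPACE}\[%{DATA:thread}\]%{SPACE}%{JAVACLASS:class}:%{SPACE}%{GREEDYDATA:jsonmsg}$"
    }
  }

  # Only attempt JSON decoding when the prefix matched.
  if "_grokparsefailure" not in [tags] {
    json {
      source => "jsonmsg"
      # Decoding under a target keeps application-controlled keys from
      # overwriting top-level event fields such as "message" or "host".
      target => "mule"
      # Applied only when decoding succeeds; failures are tagged
      # _jsonparsefailure and keep the raw string for inspection.
      remove_field => ["jsonmsg"]
    }
    date {
      # Use the log line's own timestamp as @timestamp.
      match => ["logtime", "yyyy-MM-dd HH:mm:ss,SSS"]
    }
  }
}

output {
  stdout { codec => rubydebug }
}
```

Nested values are then addressable as, for example, `[mule][transactionDetail][executionStatus]`.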