I have an ELK stack, version 7.3.1. I am parsing my JSON using Logstash:
input {
  file {
    #path => ["D:\ashishdoc.json"]
    path => ["D:\Sentient\elk_upgrade\logstash-7.3.1\logstash-7.3.1\ashishdoc.json"]
    start_position => "beginning"
    codec => "json"
  }
}
filter {
  split {
    field => "[cpudetail][CPUInfo][ProcessDetailsList]"
  }
}
output {
  stdout { codec => json }
  elasticsearch {
    hosts => ["http://localhost:9200/"]
    index => "ashishkumar"
  }
}
and the JSON to be parsed:
{"deviceType":"Notebook","harddiskdetail":null,"subnet":"10.11.92.0","macid":"54:BF:64:59:7A:56, 0A:00:27:00:00:0E, 02:00:4C:4F:4F:50","port":7185,"deviceClassification":"Member Workstation","version":1,"tenantid":"1","msgid":1566554829788,"schemaversion":"1.4","response":"yes","responseData":{"ResponseValues":{"resultDataType":"double","responseCategory":"1","resultValue":"28.000000"}},"softwareDetail":null,"@timestamp":"2019-08-23T10:07:35.178Z","arch":"10.0.17134","osversion":"Microsoft Windows 10 Enterprise","patchdetail":null,"genericAlertDetail":null,"eventlogdetail":null,"hostname":"BHL011829.persistent.co.in","@version":"1","errorDetail":null,"diskencryptiondetail":null,"filedetail":null,"registryDetail":null,"userDetail":null,"host":"rlcs","antivirusdetail":null,"devicedn":"CN=BHL011829,OU=India-Laptops,OU=AdminRights-Exclusions-Laptops,OU=Exceptions,DC=persistent,DC=co,DC=in","MessageType":"query","customitem4":"","customitem1":"","cpudetail":{"CPUInfo":{"cpuVendor":"GenuineIntel","cpuModel":"Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz","userTimePerc":7,"totalCores":8,"totalCPUPerc":28,"sysTimePerc":17,"idleTimePerc":70,"cpuMHZ":1800,"niceTimePerc":70,"ProcessDetailsList.0":{"cpuPerc":100,"startTime":1565340154000,"memSize":54525952,"user":"","cpuTime":"25873:45","ProcessName":"","pid":0,"memResident":8388608,"state":"Running"},"ProcessDetailsList.1":{"cpuPerc":0,"startTime":1565340154000,"memSize":234881024,"user":"","cpuTime":"274:35","ProcessName":"","pid":4,"memResident":10628366336,"state":"Running"}}}}
I am running Logstash on Windows, and the JSON file has Full Control for every user, and for anonymous users as well.
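
The split filter in the config above targets `[cpudetail][CPUInfo][ProcessDetailsList]`, while the posted document stores the entries under the literal keys `ProcessDetailsList.0` and `ProcessDetailsList.1`. The following Ruby is an added example, not part of the original post: it gathers those indexed keys into one array and emits one event per process entry, using hypothetical helper names (`collect_indexed!`, `split_events`) and a trimmed, constructed copy of the posted JSON.

```ruby
require 'json'

# Trimmed copy of the posted document (constructed sample, most fields dropped).
SAMPLE = <<~JSON
  {"hostname":"BHL011829.persistent.co.in","cpudetail":{"CPUInfo":{"totalCores":8,
   "ProcessDetailsList.1":{"pid":4,"cpuPerc":0,"state":"Running"},
   "ProcessDetailsList.0":{"pid":0,"cpuPerc":100,"state":"Running"}}}}
JSON

# Hypothetical helper: gather "<prefix>.<n>" keys of +hash+ into one array
# stored under +prefix+, ordered by the numeric suffix.
# Returns the array (empty if no key matched; the hash is then unchanged).
def collect_indexed!(hash, prefix)
  pattern = /\A#{Regexp.escape(prefix)}\.(\d+)\z/
  indexed = hash.keys.map { |k| (m = pattern.match(k)) && [m[1].to_i, k] }.compact
  items = indexed.sort.map { |_, key| hash.delete(key) }
  hash[prefix] = items unless items.empty?
  items
end

# Hypothetical helper: once the field is a real array, produce one copy of
# the event per element, with that element replacing the array.
def split_events(doc, prefix = 'ProcessDetailsList')
  info = doc.dig('cpudetail', 'CPUInfo')
  return [doc] unless info.is_a?(Hash)   # nothing to split on
  items = collect_indexed!(info, prefix)
  return [doc] if items.empty?
  items.map do |item|
    event = JSON.parse(JSON.generate(doc)) # deep copy of the whole event
    event['cpudetail']['CPUInfo'][prefix] = item
    event
  end
end

if __FILE__ == $PROGRAM_NAME
  split_events(JSON.parse(SAMPLE)).each { |e| puts JSON.generate(e) }
end
```

The same key-gathering logic can run in a Logstash `ruby` filter placed ahead of `split`, so that the field `split` refers to exists as an array.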