Logstash Multiline json format - Nagios XI Api

Hi all,

I have a problem parsing the below json format. Its Nagios XI api response .

{
"recordcount": "xxx",
"logentry": [
{
"instance_id": "1",
"entry_time": "YYYY-MM-DD HH:MM:SS",
"logentry_type": "8192",
"logentry_data": "SERVICE ALERT: XXXX;OK;SOFT;1;OK - XXXX hit ratio 100.00%"
},
{
"instance_id": "1",
"entry_time": "YYYY-MM-DD HH:MM:SS",
"logentry_type": "8192",
"logentry_data": "SERVICE ALERT: XXXX;OK;SOFT;1;OK - XXXXX hit ratio 98.65%"
},
{
"instance_id": "1",
"entry_time": "YYYY-MM-DD HH:MM:SS",
"logentry_type": "2048",
"logentry_data": "HOST ALERT: XXXXX;SOFT;1;CRITICAL - XX.XX.XX.XX: rta nan, lost 100%"
}
]
}

I have tried different codecs (json, json_lines)

Multiline codec with different patterns .

Gsub to overwrite message.

But nothing seems to work. The message breaks in different parts and not recognized as json format. Any ideas ?

Any hints whould be greatly appreciated. Thanks in advanced

PS Sample config:

https://pastebin.com/kWxFQLTd

Is this the only blob of data in the input file or can the files contain multiple JSON objects? If yes, what are they separated by?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.