Logstash out put format issue

Sivaprakash_Shanmuga · February 8, 2018, 11:49am

Hi,

Here is my logstash configuration

input {
http {
host => "127.0.0.1"
port => 8001
codec => json
add_field => { "raw_message" => "%{message}" }
response_headers => {
"Access-Control-Allow-Origin" => "*"
"Content-Type" => "application/json"
"Access-Control-Allow-Headers" => "Origin, X-Requested-With, Content-Type, Accept"
}
}
}

output {
stdout { codec => rubydebug }
}

Input from Postman

{
"role":"ROLE_ADMIN",
"id":34
}

Output which I see on terminal as below

"id" => 34,
"host" => "127.0.0.1",
"raw_message" => "%{message}",
"role" => "ROLE_ADMIN",
"headers" => {
"http_origin" => "chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop",
"http_version" => "HTTP/1.1",
"http_cache_control" => "no-cache",
"content_type" => "application/json",
"http_accept_language" => "en-US,en;q=0.9",
"http_postman_token" => "ec076902-5473-0af0-de04-3350961c3481",
"http_user_agent" => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
"http_accept" => "/",
"http_connection" => "keep-alive",
"request_method" => "POST",
"request_path" => "/token",
"request_uri" => "/token",
"content_length" => "65",
"http_accept_encoding" => "gzip, deflate, br",
"http_host" => "localhost:8001"
},
"@timestamp" => 2018-02-08T11:21:43.020Z,
"@version" => "1",

I dont get my in put JSON inside message (I see them individual property) However, If I pass values through Curl command I'm able to see message with exact json which Im passing.

magnusbaeck · February 8, 2018, 12:31pm

So you don't want Logstash to parse the JSON for you? Change from the json codec to plain in the http input plugin.

Sivaprakash_Shanmuga · February 8, 2018, 2:07pm

I want logstash to process JSON., I want to write the Body (Paload) into Elasticsearch. But I do not get message JSON here. How to get it?

magnusbaeck · February 8, 2018, 3:20pm

Logstash will take the whole event and turn it into JSON before shipping it to Elasticsearch. What you have in your example above looks fine and I think you've misunderstood what Logstash does.

Sivaprakash_Shanmuga · February 8, 2018, 3:27pm

Yes I misunderstood it.
So is there any way i can extract only Payload data and write it into Elasticsearch? Filter would help?

magnusbaeck · February 8, 2018, 4:24pm

Yes, the mutate filter can delete unwanted fields.

Sivaprakash_Shanmuga · February 8, 2018, 4:41pm

Thank you ., it works

system · March 8, 2018, 4:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.