My Raw Data
{"records":[{"parent":"","made_sla":"true","caused_by":"","watch_list":"","upon_reject":"cancel","sys_updated_on":"2020-01-22 05:47:33","child_incidents":"0","u_incident_age_in_days":"1970-07-21 00:13:56","hold_reason":"","approval_history":"","skills":"","number":"INC0011015","resolved_by":"6816f79cc0a8016401c5a33be04be441","sys_updated_by":"admin","opened_by":"6816f79cc0a8016401c5a33be04be441","user_input":""},{"parent":"","made_sla":"true","caused_by":"","watch_list":"","upon_reject":"cancel","sys_updated_on":"2020-01-22 05:47:33","child_incidents":"0","u_incident_age_in_days":"1970-07-21 00:16:40","hold_reason":"","approval_history":"","skills":"","number":"INC0010021","resolved_by":"6816f79cc0a8016401c5a33be04be441","sys_updated_by":"admin","opened_by":"6816f79cc0a8016401c5a33be04be441","user_input":""} ]
My config file
input {
http_poller {
urls => {
url => "https://dev63285.service-now.com/incident_list.do?JSONv2&display_value=True&sysparm_exclude_reference_link=True&sysparm_fields=number%2Cstate%2Copened_at%2Cclosed_at%2Cpriority%2Cassigned_to%2Cassignment_group%2Cactive%2Cimpact%2Curgency%2Cseverity&sysparm_limit=1sysparm_view=json_view"
}
request_timeout => 60
proxy => { host => "10.88.129.144" port => "80" scheme => "http"}
user => "admin"
password => "Snow2020*"
schedule => { cron => "* * * * *"}
codec => "json"
metadata_target => "http_poller_metadata"
}
}
filter
{
split {
field => "records"
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "servicenowinc"
}
stdout {
codec => rubydebug
}
}
Getting below error when I run the config file.Please help.
"Only String and Array types are splittable. field:records is of type = NilClass"
C:/Elastic_Stack/logstash-7.5.1/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated
{
"tags" => [
[0] "_http_request_failure",
[1] "_split_type_failure"
],
"http_request_failure" => {
"error" => "connect timed out",
"backtrace" => nil,
"runtime_seconds" => 10.24,
"request" => {
"url" => "https://dev63285.service-now.com/incident_list.do?JSONv2&display_value=True&sysparm_exclude_reference_link=True&sysparm_fields=number%2Cstate%2Copened_at%2Cclosed_at%2Cpriority%2Cassigned_to%2Cassignment_group%2Cactive%2Cimpact%2Curgency%2Cseverity&sysparm_limit=1sysparm_view=json_view",
"method" => "get"
},
"name" => "url"
},
"@timestamp" => 2020-01-22T09:27:10.596Z,
"@version" => "1",
"http_poller_metadata" => {
"host" => "DESKTOP-JRAAHA2",
"runtime_seconds" => nil,
"request" => {
"url" => "https://dev63285.service-now.com/incident_list.do?JSONv2&display_value=True&sysparm_exclude_reference_link=True&sysparm_fields=number%2Cstate%2Copened_at%2Cclosed_at%2Cpriority%2Cassigned_to%2Cassignment_group%2Cactive%2Cimpact%2Curgency%2Cseverity&sysparm_limit=1sysparm_view=json_view",
"method" => "get"
},
"name" => "url"
}
}
[2020-01-22T14:58:10,284][WARN ][logstash.filters.split ][main] Only String and Array types are splittable. field:records is of type = NilClass
{
"tags" => [
[0] "_http_request_failure",
[1] "_split_type_failure"