Hi i am trying to move my application logs to kibana through logstash.
input {
file {
path => "/home/ubuntu/*"
}
}
filter {
json {
source => "message"
}
}
output {
amazon_es {
hosts => ["*****************************************"]
region => "us-east-1"
index => "stash"
#user => "elastic"
#password => "changeme"
}
}
when i try to run the config file this what the output i get:
[WARN ] 2020-03-24 11:15:34.878 [[main]>worker1] json - Error parsing json {:source=>"message", :raw=>"[2020-03-24 11:15:33] file_db_logger.INFO: {\"Code\":\"BGDRIF947\",\"Message\":\"Total items backup today\",\"time\":1585048533,\"userId\":\"*************\",\"businessUserId\":\"**********\",\"cloudId\":1,\"domainId\":\"****\",\"additionalInfo\":\"389,395,0\"} [] []", :exception=>#<LogStash::Json::ParserError: Unexpected character ('-' (code 45)): was expecting comma to separate Array entries
kindly help me out with this
Badger
March 24, 2020, 12:32pm
2
That is not valid JSON. You could parse the prefix off using dissect .
Hi Badger, Thank for replying will try it
Hi
Dissect dint work for me but i used this
input {
file {
path => "/home/ubuntu/*"
start_position => "beginning"
}
}
filter {
grok {
match => { "message" => "(?<jsonf>({.*}))"}
}
json {
source => "jsonf"
}
mutate {
remove_field => [ "message","jsonf" ]
}
}
output {
amazon_es {
hosts => ["***********************"]
region => "us-east-1"
index => "lgs-%{+YYYY.MM.dd}"
#user => "elastic"
#password => "changeme"
}
}
It dint show up any error says that "logstash API started successfully "
But still i am not able to see up the index created in kibana . I am using AWS Elasticsearch.
My server has a full permission to Elastic Search.
fadjar340
March 28, 2020, 3:00am
5
Try put:
codec => "json" into the input
Regards,
Hey guys thank for you time Actually i was giving my log file path wrongly other than that the configurations works perfectly.
system
April 27, 2020, 8:05am
7
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.