Mapping json with logstash

hi friends

I'm starting now to use elk and for this reason I'm not very experienced. I do not understand where and how to create a template on logstash to map my json.

someone can help me with a practical example. I have already read all about the creation on the template on the reference site as well

but I can not put it into practice
i have this json of example and i want map it correctly.
please can you help me?

{"venue":
{"venue_name":"Daniels Hall",
"lon":-71.110497,
"lat":43.180725,
"venue_id":733258},
"visibility":"public",
"response":"yes",
"guests":0,
"member":
{"member_id":58963232,
"photo":"https://secure.meetupstatic.com/photos/member/b/6/0/0/thumb_68206592.jpeg","member_name":"Carol"},"rsvp_id":1697012514,"mtime":1509616048766,
"event":
{"event_name":"Singles dance party at Daniels Hall.",
"event_id":"dnwlpfywpbfb","time":1509751800000,
"event_url":"https://www.meetup.com/Nottingham-NH-Singles-Dance/events/244610141/"},
"group":
{"group_topics":[{"urlkey":"never-married","topic_name":"Never Married"},
{"urlkey":"widowed","topic_name":"Widowed"},
{"urlkey":"single-parties","topic_name":"Single Parents"},
{"urlkey":"women","topic_name":"Women's Social"},
{"urlkey":"socialnetwork","topic_name":"Social Networking"},
{"urlkey":"social","topic_name":"Social"},
{"urlkey":"dancing","topic_name":"Dancing"},
{"urlkey":"dating-and-relationships","topic_name":"Dating and Relationships"},
{"urlkey":"nightlife","topic_name":"Nightlife"},
{"urlkey":"singles","topic_name":"Singles"},
{"urlkey":"divorced","topic_name":"Divorced"},
{"urlkey":"singles-30s-50s","topic_name":"Singles 30's-50's"},
{"urlkey":"divorcesupport","topic_name":"Divorce Support"},
{"urlkey":"singles-dancing","topic_name":"Singles Dancing"},
{"urlkey":"newintown","topic_name":"New In Town"}],
"group_city":"Nottingham",
"group_country":"us",
"group_id":1546303,
"group_name":"Nottingham NH Singles Dance. Now 172 marriages.",
"group_lon":-71.12,"group_urlname":"Nottingham-NH-Singles-Dance",
"group_state":"NH",
"group_lat":43.09}}
{"visibility":"public",
"response":"yes",
"guests":0,
"member":{"member_id":225397640,
"other_services":{"facebook":{"identifier":"https://www.facebook.com/app_scoped_user_id/10212829685359398/"}},
"photo":"https://secure.meetupstatic.com/photos/member/1/8/f/2/thumb_271086386.jpeg",
"member_name":"Michael Yardeny"},
"rsvp_id":1694995732,
"mtime":1509616048965,
"event":{"event_name":"מפגש קהילת הסטארט אפים ברמת גן",
"event_id":"243850832",
"time":1509640200000,
"event_url":"https://www.meetup.com/StartUp-Ramat-Gan/events/243850832/"},
"group":{"group_topics":[{"urlkey":"innovation",
"topic_name":"Innovation"},
{"urlkey":"business-strategy",
"topic_name":"Business Strategy"},
{"urlkey":"professional-networking",
"topic_name":"Professional Networking"},
{"urlkey":"entrepreneurship",
"topic_name":"Entrepreneurship"},
{"urlkey":"social-entrepreneurship",
"topic_name":"Social Entrepreneurship"},
{"urlkey":"startup-businesses",
"topic_name":"Startup Businesses"},
{"urlkey":"social-innovation",
"topic_name":"Social Innovation"},
{"urlkey":"venture-capital",
"topic_name":"Venture Capital"},
{"urlkey":"business-startup",
"topic_name":"Business Startup"},
{"urlkey":"design-thinking",
"topic_name":"Design Thinking"},
{"urlkey":"startup-incubation-and-entrepreneurship-mentors",
"topic_name":"Startup Incubation"},
{"urlkey":"technology-startups",
"topic_name":"Technology Startups"}],
"group_city":"Ramat Gan",
"group_country":"il","group_id":15162482,
"group_name":"StartUp Ramat Gan",
"group_lon":34.8,
"group_urlname":"StartUp-Ramat-Gan",
"group_lat":32.08}}

What part are you having trouble understanding? The syntax for the index template? What the point of the template even is? Something else?

I have a set of log files that contain a json that I'll have to analyze.
I managed to extract the interest json correctly from the document.
Now I would like to create with logstash a mapping for this json.

Maybe, should I use something like that?

elasticsearch {
index => "log-%{+YYYY.MM.dd}"
document_type => "json_log"
	 # manage_template => true
	 # template => "E:\Programmi\logstash\bin\elasticsearch-template.json"
	 # template_overwrite => "true"
	codec => json

could it be correct this?
what do I have to write in the file? i dont understand
con you make a little example for my json
thanks

Sorry, but this is exactly what the blog post you linked to covers. If you don't understand that text and can't ask specific questions I don't think I'm able to help.

ok please
how i can create template with logstash for my json?
where i can see an example or find info for it?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.