@sumit_n
Sorry for late reply . I did not realize your mention until now.
Using json filter should parse your json even.
Assuming you input event is ,
{"time_stamp":"2021-06-08T05:00:27.351201664Z","labels":{"vmm_index":0,"session_docker_id":"bf4c02a8ebfa0ce40d626f2b8280074431df2ad95c6f02360af38453b88b8135"},"event":{"kind":"Metric","category":"Session","type":"mysessioncontainer"}}
And if you use pipeline like below ,
input {
stdin {}
}
filter {
json {
source => "message"
}
}
output {
stdout {
codec => rubydebug { metadata => true}
}
}
You would get output something like,
[ywatanabe@laptop-archlinux logstash-7.13.4]$ echo '{"time_stamp":"2021-06-08T05:00:27.351201664Z","labels":{"vmm_index":0,"session_docker_id":"bf4c02a8ebfa0ce40d626f2b8280074431df2ad95c6f02360af38453b88b8135"},"event":{"kind":"Metric","category":"Session","type":"mysessioncontainer"}}' | bin/logstash -f config/json.conf
Using bundled JDK: /home/ywatanabe/Downloads/logstash-7.13.4/jdk
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Sending Logstash logs to /home/ywatanabe/Downloads/logstash-7.13.4/logs which is now configured via log4j2.properties
[2021-08-10T21:26:10,792][INFO ][logstash.runner ] Log4j configuration path used is: /home/ywatanabe/Downloads/logstash-7.13.4/config/log4j2.properties
[2021-08-10T21:26:10,798][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.13.4", "jruby.version"=>"jruby 9.2.16.0 (2.5.7) 2021-03-03 f82228dc32 OpenJDK 64-Bit Server VM 11.0.11+9 on 11.0.11+9 +indy +jit [linux-x86_64]"}
[2021-08-10T21:26:11,011][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2021-08-10T21:26:11,507][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2021-08-10T21:26:11,793][INFO ][org.reflections.Reflections] Reflections took 33 ms to scan 1 urls, producing 24 keys and 48 values
[2021-08-10T21:26:12,582][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, "pipeline.sources"=>["/home/ywatanabe/Downloads/logstash-7.13.4/config/json.conf"], :thread=>"#<Thread:0x543111da run>"}
[2021-08-10T21:26:13,139][INFO ][logstash.javapipeline ][main] Pipeline Java execution initialization time {"seconds"=>0.55}
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.jrubystdinchannel.StdinChannelLibrary$Reader (file:/home/ywatanabe/Downloads/logstash-7.13.4/vendor/bundle/jruby/2.5.0/gems/jruby-stdin-channel-0.2.0-java/lib/jruby_stdin_channel/jruby_stdin_channel.jar) to field java.io.FilterInputStream.in
WARNING: Please consider reporting this to the maintainers of com.jrubystdinchannel.StdinChannelLibrary$Reader
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[2021-08-10T21:26:13,169][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2021-08-10T21:26:13,227][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
{
"@timestamp" => 2021-08-10T12:26:13.209Z,
"time_stamp" => "2021-06-08T05:00:27.351201664Z",
"host" => "laptop-archlinux",
"@version" => "1",
"event" => {
"kind" => "Metric",
"type" => "mysessioncontainer",
"category" => "Session"
},
"message" => "{\"time_stamp\":\"2021-06-08T05:00:27.351201664Z\",\"labels\":{\"vmm_index\":0,\"session_docker_id\":\"bf4c02a8ebfa0ce40d626f2b8280074431df2ad95c6f02360af38453b88b8135\"},\"event\":{\"kind\":\"Metric\",\"category\":\"Session\",\"type\":\"mysessioncontainer\"}}",
"labels" => {
"vmm_index" => 0,
"session_docker_id" => "bf4c02a8ebfa0ce40d626f2b8280074431df2ad95c6f02360af38453b88b8135"
}
}
Thanks.