Need help parsing JSON with grok

I am trying to use grok to parse down JSON. I am new and have the following:

filter {
    if [syslog5424_app] == "nginx-access" {
        json {
            source => "syslog5424_msg"
            skip_on_invalid_json => true
            tag_on_failure => "invalid_json"
            target => "dynamic_json"
        }
        mutate {
            add_field => {
                "syslog5424_app" => "%{[dynamic_json][syslog5424_app]}"
                "syslog5424_host" => "%{[dynamic_json][syslog5424_host]}"
                "x-forwarded-for" => "%{[dynamic_json][x-forwarded-for]}"
                "clientip" => "%{[dynamic_json][clientip]}"
                "user" => "%{[dynamic_json][user]}"
                "response" => "%{[dynamic_json][response]}"
                "request" => "%{[dynamic_json][request]}"
                "sent" => "%{[dynamic_json][sent]}"
            }
        }
        grok {
            patterns_dir => "<%= @config['patterns_dir'] %>"
            match => { "syslog5424_msg" => "%{NGINX_ACCESS}" }
        }
    }
}

and created this pattern:

NGINX_ACCESS %{SYSLOGPROG:syslog5424_app} %{SYSLOGHOST:syslog5424_host} "%{XFORWARDEDFOR:xforwardedfor}" - %{IPORHOST:clientip} %{USER:ident} \[%{HTTPDATE:timestamp}\] %{NUMBER:response} %{URIPATHPARAM:request} %{NUMBER:sent}

But I get no logs in Kibana, when other log filters are working fine. Please help.
