Nested Jason with Filebeat

(Michael U )

Dear all,
recently I used to do my logging.
My log-entries are nested .net objects, that I serialize to Json using NLog.

With it just works fine - I can model any log-message and it will show up as a nested JSON in Kibana.

Now I want to build this with my own ELK stack using filebeats sending directly to ES.

The first problem I run into is:
Filebeats seems to have issues handling nested Json rows.

Sample Json as received by

 "_source": {
    "level": "Info",
    "strategyContext": {
      "strategyTitle": "Strat1",
      "magicID": "123",
      "symbol": "Crypto",
      "vpid": "1"
    "appName": "MFM_Live",
    "logger": "MFM.Trades",
    "message": "InstructionID: 123 Order opened 123",
    "logClass": "StrategyLog",
    "type": "nlog",
    "sequenceId": "2",
    "logAction": "Trading_L20_Order_Success",
    "tags": [
    "@timestamp": "2018-01-24T22:06:32.1576008+01:00",
    "trading_L20_Order_Success": {
      "orderID": "123",
      "instructionID": "123",
      "logLevel": 2,
      "logMessage": "InstructionID: 123 Order opened 123"

This I want to achieve with my own ELK stack - what do I need to do?

Thanks and regards


(Andrew Kroh)

I see how you would like the output to be, what's the input?

Please share the raw log lines that are being ingested by Filebeat.
Please share the configuration you are using for Filebeat.

#3

