Parse Json Array

Edufernandez2 · July 4, 2017, 2:29am

Trying to parse a Json array like this message

[{"UserDomain":"VOFFICESECURE","UserName":"Administrator","ComputerName":"DC01.vofficesecure.com"},{"UserDomain":"VOFFICESECURE","UserName":"Administrator","ComputerName":"Juliano-PC.vofficesecure.com"}]

I Would like to get Two different documents and can make it happens using below config using the cli and manually inputting the log

input {
stdin {
codec => "json"
}
}
filter {
split { }
}

output {
stdout {
codec => rubydebug
}
}

Im actually receiving that log from filebeat, I tried to use "codec => json" in the input "beats" but cant get the same results using the "split" in filter and indexing in Elasticsearch

Thanks

Edufernandez2 · July 4, 2017, 3:10am

Manage to got it working creating another beats input with json codec in another port.

system · August 1, 2017, 3:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.