Parse JSON data with filebeat

calmandniceperson · March 27, 2017, 5:52pm

I queried Elasticsearch and got the following:

{
        "_index" : "filebeat-2017.03.27",
        "_type" : "log",
        "_id" : "AVsQ0S06i5178hY1Lr4U",
        "_score" : 1.0,
        "_source" : {
          "@timestamp" : "2017-03-27T17:29:16.356Z",
          "beat" : {
            "hostname" : "15f7ccc3a4c1",
            "name" : "15f7ccc3a4c1",
            "version" : "5.2.2"
          },
          "input_type" : "log",
          "message" : "{\"error\":\"dial tcp 172.21.0.2:5432: getsockopt: connection refused\",\"level\":\"error\",\"msg\":\"Could not open database connection\",\"time\":\"2017-03-27T17:19:35Z\"}",
          "offset" : 158,
          "source" : "/mnt/log/error.log",
          "type" : "log"
        }
      }

Could it somehow be related to Docker? I recreated all containers before starting the server and checking the logs. I suppose it doesn't matter which file endings the log files have (.json or .log)?

Topic		Replies	Views
Filebeat not parsing json in messages Beats filebeat	10	6815	June 5, 2018
Filebeat JSON message Beats	3	5197	November 24, 2017
Filebeat - Parse json output Beats filebeat	3	641	May 27, 2019
Unable to parse JSON logs through filebeat prospector Beats filebeat	3	2503	January 16, 2018
Parsing JSON with filebeat Beats filebeat	2	353	February 22, 2019

Parse JSON data with filebeat

Related topics