Parse json "message" into separate fields in Kibana

Hi Team,

I am looking to parse my json message into individual fields in Kibana. I have been trying out a lot of the recommendations online and on this forum but to no avail.
The conf file I have created is as follows:

input {
  gelf {
    type => "log"
    add_field => { "log_level" => "-" }
    codec => json
  }
}

filter {
  if [type] == "log" {
    json {
      source => "message"
    }
  }
}

output {
  if [type] == "log" {
    elasticsearch {
      hosts => ["elasticsearch"]
      index => "logstash-logs-%{+YYYY.MM.dd}"
    }
  }
}

And my JSON message looks like this:
{"time": "2019-01-17T06:13:56.618263", "event": "response", "log_type": "test-api", "request_unique_id": "fe32285e-504d-46a1-bd87-78640232cb0b", "URL": "http://localhost/debug/db_connection_status", "method": "GET", "device_info": "Docker Health Check", "request_user": "", "remote_addr": "127.0.6.6", "server_protocol": "http", "status_code": 200, "processing_time": 0.0019574579782783985}

Could you please help in figuring out where I am going wrong, as the above JSON is written altogether in a "message" field and not as individual key-value fields?

You do not need both a json codec and a json filter, use one or the other. Does the log_level field get added to your events?

Hi Badger, thanks! That worked!
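
The reply's advice applied to the configuration from the question, as an added example that is not part of the original thread. It assumes the json filter is the parser that is kept and the codec is the one dropped; the `tag_on_failure` and `remove_field` settings are additions for illustration, so that events whose "message" is not valid JSON stay visible instead of silently arriving unparsed.

```logstash
# Added example, not from the thread: a single JSON parser (the filter).
input {
  gelf {
    type => "log"
    add_field => { "log_level" => "-" }
    # No "codec => json" here; parsing happens once, in the filter below.
  }
}

filter {
  if [type] == "log" {
    json {
      source => "message"
      # Events that fail to parse keep their raw "message" and get this tag
      # (it is also the filter's default failure tag).
      tag_on_failure => ["_jsonparsefailure"]
      # Assumption: the raw string is not needed once it has been parsed.
      # remove_field is applied only when the filter succeeds.
      remove_field => ["message"]
    }
  }
}

output {
  if [type] == "log" {
    elasticsearch {
      hosts => ["elasticsearch"]
      index => "logstash-logs-%{+YYYY.MM.dd}"
    }
  }
}
```

Searching the index in Kibana for `tags:_jsonparsefailure` lists the events that were not split into fields.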
