we have an input file with a format like below. How to process it with logstash?
{
"message" => "test",
"@timestamp" => "2013-12-23T22:30:01.000Z",
"@version" => "1",
"type" => "syslog",
"host" => "0:0:0:0:0:0:0:1:52617",
"received_at" => "2013-12-23 22:49:22 UTC",
"received_from" => "0:0:0:0:0:0:0:1:52617",
"headers" =>{
"key1" => "value1",
"key2" => "value2"
}
}
PS: I don't know what this format is known so difficult to google it 
That looks like output from the rubydebug codec, which uses the amazing print library. I would suggest converting it to JSON and then parsing it with a json filter.
I assume you are consuming that as a single event.
A simple gsub will get you most of the way there
mutate { gsub => [ "message", " => ", ": " ] }
If you have arrays you may need to remove the indexes. If your arrays look like
"someField" => [
[0] "foo",
[1] "bar"
]
you will also need
mutate { gsub => [ "message", " \[\d+\] ", "" ] }This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.