Parse Logstash.log with logstash

webofmars · May 3, 2016, 1:33pm

Hello,

That might sounds a bit silly question (or circular one...) but how do you parse logstah.log with logstash itself. I always thought that it was json format but the ':' at the start seems to say that it isn't.

tried

filter {
json {
source => "message"
}
}

and it does produce error :

{:timestamp=>"2016-05-03T15:19:21.889000+0200", :message=>"Error parsing json", :source=>"message", :raw=>"{:timestamp=>"2016-05-03T14:12:18.094000+0200", :message=>"SIGTERM received. Shutting down the pipeline.", :level=>:warn}", :exception=>#<LogStash::Json::ParserError: Unexpected character (':' (code 58)): was expecting double-quote to start field name
at [Source: [B@6f9f35c0; line: 1, column: 3]>, :level=>:warn}

magnusbaeck · May 8, 2016, 8:13pm

Yeah, Logstash's log files aren't JSON. There's no simple way of parsing them. Work is ongoing to make Logstash being able to emit JSON logfiles. I dug up the GitHub issue for this just a few days ago and posted it when someone asked the same question.

Topic		Replies	Views
Logstash filter to parse json --> json deserialized string Logstash	2	2649	February 5, 2018
How to parse the json string Logstash	2	275	January 3, 2021
Parse Json Logs using logstash Logstash	2	273	March 25, 2021
How to parse logs produced by logstash Logstash	2	352	July 6, 2017
Help with logstash config Logstash	4	355	October 16, 2018

Parse Logstash.log with logstash

Related topics