2022-10-27 08:39:02 [https-jsse-nio-9078-exec-7] INFO i.c.p.va.security.LoggerFilter - Response Body : {"responseCode":"00","responseDesc":"Approved","data":"{"vaNumber":"11122233344","accountName":"NAME","balance":"205569"}"}
i already apply grok filter like this
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} [%{NOTSPACE:program}] %{LOGLEVEL:logLevel}%{SPACE}%{NOTSPACE:serviceName} - Response Body : %{GREEDYDATA:responseBody}" }
and the result is the "data" object from Response Body didn't parsed. i just got responseBody.responseCode & Desc. if i try to change the json filter to become like this:
This is my log look like actually. i don't know why the \ character is dissapear in my post before. then, if my log look like this. was there any way to parse it? Thank you
"error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [responseBody.data] of type [text] in document with id '6WQFLIQBueWIjhGITXWO'
> "caused_by"=>{"type"=>"illegal_state_exception", "reason"=>"Can't get text on a START_OBJECT at 1:59"}}}}}
I don't know why [responseBody][data] read as text. maybe it because the previous filter?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.