Parsing a text file with Logstash

Hello,
I have a .txt file that I need to ingest into Logstash in order to load it into Elasticsearch.
Here is an excerpt from the file:
{"_index":"logs-2010.11.27","_type":"doc","_id":"xcA","_score":null,"_source":{"app_name":"selfcare-b2c-conso","@timestamp":"2019-11-27T00:00:00.006Z","message":"Check for : 4750506"},"sort":[800006]}
and I need to retrieve the elements in message, such as the text "Check authorization for : 776320506", and the sort field.
I created my conf file but I can't get it to work; here is what I did:

input {
  file {
    path => "/home/fatouthink/Bureau/tout/docs stage/tp2/logstash.txt"
    start_position => "beginning"
  }
}
filter {
  mutate {
    split => ["message", " "]
    add_field => { "message_fields" => "%{message[0]}" }
  }
  grok {
    match => {
      "message" => "%{NOTSPACE:bloc}%{TIMESTAMP_ISO8601:time}%{WORD:method}%{IP:clientip}|%{GREEDYDATA}"
    }
  }
  date { match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ] }
}

output {
  stdout { codec => rubydebug }
}

Hi

Given your input data example, you could add codec => "json" (https://www.elastic.co/guide/en/logstash/7.6/codec-plugins.html) to your file{} input plugin, that should give you all the variables as you need them, except for _source, that will still be a dictionary.

Then, on your filter{} section, comment out your mutate{} and grok{} filters and try the json{} filter, with source => "_source". This should give you all the fields.

Hope this helps.
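
A pipeline for the sample line in the question, as an added example that is not part of the original posts: it uses the json codec on the file input and then reaches into the decoded _source object with field references to pull out message, app_name and the record's timestamp, leaving sort at the top level. The sincedb_path setting and the choice to drop the export metadata fields are assumptions made for a test run.

```logstash
input {
  file {
    # Path taken from the question.
    path => "/home/fatouthink/Bureau/tout/docs stage/tp2/logstash.txt"
    start_position => "beginning"
    # Assumption: test runs only. Do not persist the read position,
    # so the file is read from the beginning on every run.
    sincedb_path => "/dev/null"
    # Each line of the file is one JSON document; decode it at input time.
    codec => "json"
  }
}

filter {
  # Use the timestamp stored inside the record as the event time
  # instead of the time at which Logstash read the line.
  date {
    match => ["[_source][@timestamp]", "ISO8601"]
  }

  # The codec decodes nested objects too, so the wanted values are
  # reachable as [_source][...] and can be moved to the top level.
  # "sort" is already a top-level field and needs no handling.
  mutate {
    rename => {
      "[_source][message]"  => "message"
      "[_source][app_name]" => "app_name"
    }
  }

  # Assumption: the export metadata is not needed downstream.
  # Elasticsearch reserves names such as _id for document metadata and
  # rejects them inside a document body, so drop them before indexing.
  mutate {
    remove_field => ["_index", "_type", "_id", "_score", "_source"]
  }
}

output {
  stdout { codec => rubydebug }
}
```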

Thanks, I will try to use your method.
