Parsing error Logstash with file as input

Xor44 · November 21, 2020, 2:48pm

Hi Folks ,
I'm new in ELK , i'm trying read and parse a file with logstash. But I get some errors during the parsing process
Here is an example of logs

// date="Nov 21 2020 14:36:00" AED="1.1.1.1" type=group_location pg_id="3000" pg_name="TEST on ASP-LAB1" country="US" bpsPassed="18" bpsDropped="0" ppsPassed="0" ppsDropped="0"
date="Nov 21 2020 14:37:00" AED="1.1.1.1" type=group_location pg_id="3000" pg_name="TEST on ASP-LAB1" country="US" bpsPassed="36" bpsDropped="0" ppsPassed="0" ppsDropped="0"

//
input {
file{
path => "/home/data/aed_ts-*"
start_position => "beginning"
sincedb_path => "NUL"
codec => json }
}
filter {
json {
source => "message"
}
}
output {
elasticsearch {
index => "ed-test-1%{+YYYY.MM.dd}"
hosts => ["https://es01:9200"]
ssl => true
ssl_certificate_verification => false
cacert => "/usr/share/logstash/certs/ca/ca.crt"
manage_template => false
user => "elastic"
password => "${ELASTIC_PASSWORD}"
}
}
//

Badger · November 21, 2020, 3:09pm

Those logs are not JSON, so both the json codec and the json filter will produce errors. Remove the json codec and replace the json filter with a kv filter.

system · December 19, 2020, 3:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.