Parsing Problem \""

pariksh · March 13, 2020, 4:33am

The output of key_pairs look like

"key_pairs" => "\"lastName\":\"\",\"address\":null,\"relativeIds\":\"135,\",\"gender\":\"Male\",\"city\":433,\"userId\":4265,\"firstName\":\"Shiv\",\"mrTrendingTags\":\"#निरोगी जिवन\\t\\t#आरोग्याचे फायदे\\t\\t#आहार आणि पोषण\\t\\t#वजन कमी होणे\\t\\t#स्किनकेअर\",\"imageUrl\":\"\",\"name\":\"Shiv\",\"middleName\":\"\",\"enTrendingTags\":\"#Healthy Living\\t\\t#Health Benefits\\t\\t#Diet and Nutrition\\t\\t#Weight Loss\\t\\t#SkinCare\",\"state\":21,\"email\":\"\",\"key\":\"kreativsarg@1234\"",

Logstash config file

filter {
   grok{
        match => {"message"=>"%{TIME:time} %{WORD:method}\s(?<java_method>[^(]*)%{GREEDYDATA:message}\{%{GREEDYDATA:key_pairs}\}%{GREEDYDATA:more_data}"}
    }
    if "ExUsernamePasswordAuthenticationFilter.successfulAuthentication" in [java_method] {
   
    mutate {
    
remove_field => ["message"]
remove_field => ["more_data"]
remove_field => ["message"]
  }
}else {
    drop {}
  }
}


I tried 
json{
        source => "key_pairs"
        target => "parsedJson"
        remove_field=>["key_pairs"]
    }

But it  won't work
Thanks

system · April 10, 2020, 4:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Text based log format, need help in parsing Logstash	3	371	June 19, 2019
Parse mix of String, JSON and KeyValue Logstash	3	1225	March 4, 2019
Having problems parsing data Logstash	4	305	February 18, 2021
Error : "tags" => [ [0] "_grokparsefailure" ]..Grok filter error Logstash	22	2548	September 18, 2019
Kv filter has no support for this type of data {:type=>Hash, :value=>{"METHODNAME"=> Logstash	3	413	July 9, 2021

Parsing Problem \""

Related topics