The output of key_pairs look like
"key_pairs" => "\"lastName\":\"\",\"address\":null,\"relativeIds\":\"135,\",\"gender\":\"Male\",\"city\":433,\"userId\":4265,\"firstName\":\"Shiv\",\"mrTrendingTags\":\"#निरोगी जिवन\\t\\t#आरोग्याचे फायदे\\t\\t#आहार आणि पोषण\\t\\t#वजन कमी होणे\\t\\t#स्किनकेअर\",\"imageUrl\":\"\",\"name\":\"Shiv\",\"middleName\":\"\",\"enTrendingTags\":\"#Healthy Living\\t\\t#Health Benefits\\t\\t#Diet and Nutrition\\t\\t#Weight Loss\\t\\t#SkinCare\",\"state\":21,\"email\":\"\",\"key\":\"kreativsarg@1234\"",
Logstash config file
filter {
grok{
match => {"message"=>"%{TIME:time} %{WORD:method}\s(?<java_method>[^(]*)%{GREEDYDATA:message}\{%{GREEDYDATA:key_pairs}\}%{GREEDYDATA:more_data}"}
}
if "ExUsernamePasswordAuthenticationFilter.successfulAuthentication" in [java_method] {
mutate {
remove_field => ["message"]
remove_field => ["more_data"]
remove_field => ["message"]
}
}else {
drop {}
}
}
I tried
json{
source => "key_pairs"
target => "parsedJson"
remove_field=>["key_pairs"]
}
But it won't work
Thanks