Parsing Problem \""

pariksh · March 13, 2020, 4:33am

The output of key_pairs look like

"key_pairs" => "\"lastName\":\"\",\"address\":null,\"relativeIds\":\"135,\",\"gender\":\"Male\",\"city\":433,\"userId\":4265,\"firstName\":\"Shiv\",\"mrTrendingTags\":\"#निरोगी जिवन\\t\\t#आरोग्याचे फायदे\\t\\t#आहार आणि पोषण\\t\\t#वजन कमी होणे\\t\\t#स्किनकेअर\",\"imageUrl\":\"\",\"name\":\"Shiv\",\"middleName\":\"\",\"enTrendingTags\":\"#Healthy Living\\t\\t#Health Benefits\\t\\t#Diet and Nutrition\\t\\t#Weight Loss\\t\\t#SkinCare\",\"state\":21,\"email\":\"\",\"key\":\"kreativsarg@1234\"",

Logstash config file

filter {
   grok{
        match => {"message"=>"%{TIME:time} %{WORD:method}\s(?<java_method>[^(]*)%{GREEDYDATA:message}\{%{GREEDYDATA:key_pairs}\}%{GREEDYDATA:more_data}"}
    }
    if "ExUsernamePasswordAuthenticationFilter.successfulAuthentication" in [java_method] {
   
    mutate {
    
remove_field => ["message"]
remove_field => ["more_data"]
remove_field => ["message"]
  }
}else {
    drop {}
  }
}


I tried 
json{
        source => "key_pairs"
        target => "parsedJson"
        remove_field=>["key_pairs"]
    }

But it  won't work
Thanks

system · April 10, 2020, 4:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to change a message into multiple key and value in logstash filter Logstash	8	2174	September 15, 2017
Remove field after parsing json Logstash	3	1203	April 14, 2022
Parsing java map to json in logstash Logstash	3	648	December 18, 2017
Parse log line into JSON even when some tags from log can miss Logstash	5	309	June 26, 2018
Parse and extract json fields using logstash Logstash	3	599	June 14, 2020

Parsing Problem \""

Related topics