Problem with JSON logs

Utundu · February 8, 2019, 9:14pm

Hi,

I'm new to the Elastic Stack and I can't manage to build a pipeline for my Java logs.
I use the Logstack Logstash appender, Filebeat and Elastic Search for now.

Here is my Filebeat configuration.

    filebeat.inputs:
    - type: log
      enabled: true
      paths:
        - /var/log/myApp/stash_*
      fields_under_root: true
      fields:
        app_id: myApp
        env: dev
    output.elasticsearch:
      hosts: ["http://MyES:9200"]

It does generate entries in ES:

"@timestamp": "2019-02-08T19:52:36.371Z",
"app_id": "myApp",
...
"message": "{"@timestamp":"2019-02-08T20:52:36.329+01:00","@version":"1","message":"[Application] At path /data/","logger_name":"application","thread_name":"application-akka.actor.default-dispatcher-155","level":"DEBUG","level_value":10000}",
...

As you can see, the message is stored as plain text instead of JSON.

What am I missing ?

Thanks in advance

andrewkroh · February 9, 2019, 2:17am

You need to configure log input to decode JSON. See https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-log.html#filebeat-input-log-config-json.

filebeat.inputs:
- type: log
  json.message_key: message
  ...

Utundu · February 9, 2019, 5:31pm

Of course !
Working great, thanks a lot !

system · March 9, 2019, 7:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Beats not parsing `message` correctly with filebeat protocol Beats filebeat	7	27	October 11, 2024
How to send Json logs to Elastic Search using File Beats without extra fields Beats filebeat	5	4016	August 6, 2020
JSON Input showing up line by line Beats filebeat	2	505	May 22, 2017
Ingesting JSON logs with filebeat and logstash Beats beats-module , filebeat	9	6467	November 16, 2021
Filbeat not showing json outputs Beats filebeat	0	93	May 30, 2024

Problem with JSON logs

Related Topics