Problem with parsing json in syslog format

rugenl · October 14, 2020, 2:20pm

Here is an example Parse JSON string contained in a Syslog message

This uses grok to parse off the syslog headers before using the json filter

    if [type] == "syslog" {
            grok {
                    match   =>   {  "message" => "%{SYSLOGBASE} %{GREEDYDATA:syslog_message}"  }
            }

            json {
                    source  =>   {  source  => "syslog_message"   }
            }
    }

Topic		Replies	Views
Logstash JSON syslog_message parsing Logstash	3	1530	March 23, 2017
Parsing issues of JSON within a syslog event Logstash	1	642	December 29, 2018
SYSLOG, convert string message to JSON format Logstash	9	9802	March 18, 2020
Parse JSON string contained in a Syslog message Logstash	3	5063	July 6, 2017
Help Parsing JSONFMT Rsyslog entries Logstash	3	383	July 16, 2018

Problem with parsing json in syslog format

Related topics