Problem with parsing json in syslog format

rugenl · October 14, 2020, 2:20pm

Here is an example Parse JSON string contained in a Syslog message

This uses grok to parse off the syslog headers before using the json filter

    if [type] == "syslog" {
            grok {
                    match   =>   {  "message" => "%{SYSLOGBASE} %{GREEDYDATA:syslog_message}"  }
            }

            json {
                    source  =>   {  source  => "syslog_message"   }
            }
    }

Topic		Replies	Views
Parsing issues of JSON within a syslog event Logstash	1	634	December 29, 2018
SYSLOG, convert string message to JSON format Logstash	9	8792	March 18, 2020
Parse "message" field on Syslog Logstash	4	1380	March 28, 2021
Logstash JSON syslog_message parsing Logstash	3	1516	March 23, 2017
Parse JSON string contained in a Syslog message Logstash	3	5031	July 6, 2017

Problem with parsing json in syslog format

Related topics