Quotes in Grok

Tim_James · October 4, 2016, 9:00am

Hi,

I'm having trouble trying to parse log lines like this (but much longer):

"timestamp":"2016-02-10 00:10:33","level":"ERROR"

So everything is in double quotes.

I just want a simple way to get the fields separated and without quotes.

Could someone point me in the right direction?

Thanks

magnusbaeck · October 4, 2016, 9:27am

Is this JSON data? Use the json filter (or codec).

Tim_James · October 4, 2016, 10:22am

Unfortunately it's not proper JSON , but I might be able to use that, thanks.

Topic		Replies	Views
Parse Logstash.log with logstash Logstash	2	709	July 6, 2017
Add Double quotes for json data in logstash Logstash	9	3551	December 19, 2018
Need help with Grok Logstash	5	243	August 2, 2019
Is there any method to parse json without quotations, kind of file in logstash Logstash	6	1081	July 6, 2017
Logstash filter to parse json --> json deserialized string Logstash	2	2649	February 5, 2018