Regarding parsing of data in logstash

Ajay_Kumar.S · January 19, 2024, 5:50am

"message" => "{\"namespace\":\"oci_computeagent\",\"resourceGroup\":null,\"compartmentId\":\"ocid1.compartment.oc1..aaaaaaaacu54zo4clgrmfs3faxqqgfxyu2mjlufgslcem3venf2kon2ktmsq\",\"name\":\"DiskIopsWritten\",\"dimensions\":{\"instancePoolId\":\"Default\",\"resourceDisplayName\":\"MGVCL-SOC-COLLECTOR-SERVER01\",\"faultDomain\":\"FAULT-DOMAIN-3\",\"resourceId\":\"ocid1.instance.oc1.ap-mumbai-1.anrg6ljroze667ic2ur54n6qlng6brpin733coaiznfbm65snbiin6t7nwqq\",\"availabilityDomain\":\"Pwmv:AP-MUMBAI-1-AD-1\",\"imageId\":\"ocid1.image.oc1.ap-mumbai-1.aaaaaaaayjh7v5x7cwns4kuldagah5pmzqffulrr4olo2e72roansqatf2xa\",\"shape\":\"VM.Standard.E4.Flex\",\"dedicatedVmHostId\":\"DefaultVmHostId\",\"region\":\"ap-mumbai-1\"},\"metadata\":{\"displayName\":\"Disk Write I/O\",\"unit\":\"Operations\"},\"datapoints\":[{\"timestamp\":1705643253009,\"value\":1821348.0,\"count\":1},{\"timestamp\":1705643263010,\"value\":1821352.0,\"count\":1},{\"timestamp\":1705643273010,\"value\":1821362.0,\"count\":1},{\"timestamp\":1705643283009,\"value\":1821366.0,\"count\":1},{\"timestamp\":1705643293009,\"value\":1821371.0,\"count\":1},{\"timestamp\":1705643303010,\"value\":1821383.0,\"count\":1}]}",
    "@timestamp" => 2024-01-19T05:48:29.967666300Z,

I want to parse this data using grok even including with timestamp section in logstash .

strawgate · January 23, 2024, 12:19am

The normal grok filter should work just fine, have you given that a try?

leandrojmp · January 23, 2024, 1:59am

Your message field is a json, you should use a json filter, not grok.

Can you share your logstash pipeline?

system · February 20, 2024, 2:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.