Retrieve Fields from the String

karthik3 · May 7, 2020, 4:23am

Hi,

How we can get the value from the string in logstash.

Sample Log:
2020-04-27 00:44:30,445 INFO START [[Thread1]]logger - {
"sourcetype":"MachineA",
"event":{"timestamp":"2020-04-29T00:00:00.000","logLevel": "Debug","TransactionId": "12345",
"content":{
"payload":"{"Date": "28.04.2020","Name": "KARTHIK","Origin":"MAA","Destination":"FRK","AirlineBooking":"Yes"}"
}
}
}

How to get the value of AirlineBooking, Origin,Destination,date,name from the payload?

My Filter:

filter
{
if "START [[" in [message]
{
grok
{
match => { "message" => "%{TIMESTAMP_ISO8601:logtime} %{LOGLEVEL:loglevel} %{DATA:audittype} %{DATA:app} - %{GREEDYDATA:jsondata}" }
}
json { source => "jsondata" }
mutate { add_field => { "RequestTimeStamp" => "%{[event][timestamp]}"
"LogLevel" => "%{[event][logLevel]}" } }

Regards,
Karthikeyan S

ptamba · May 7, 2020, 5:32am

you can pass the payload field to another json filter

karthik3 · May 14, 2020, 1:36pm

Thanks for the response. Its working now.

system · June 11, 2020, 1:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.