Retrieve json fields with regex

matpil · November 9, 2018, 11:58am

Hi all,
I'm trying to estract a value from my json log using a regex/wildcard into path field (so, it's generic to all my json log).
es. json log:

{
"appl": {
  "hostname": "host14-26102017",
  "containerid": "8410d663920a22fa5f256c440b714e437f69e395a940b31466c49060952a67bf",
  "log": {
    "MY_APP": {
      "pid": "",
      "timestamp": "2018-11-08 16:14:15.144",
      "context": "perfStatsLogger",
      "sid": "",
      "message": {
        "name": "cpu.usage",
        "value": {
          "value": 0.6200342049870466
        },
        "type": "GAUGE"
      },
      "service": "MY_APP",
      "level": "INFO"
    }
  }

"MY_APP" can change...
now I'd like to retrieve appl/log/MY__APP/timestamp (and transform as date).

here my filter:

filter {

  json {
      source => "message"
      target => "appl"
  }

  date {
      match => [ "[appl][log][*][timestamp]", "yyyy-MM-dd HH:mm:ss.SSS"]
      target => "timestamp"
   }
}

...this solution not working and I receive this error:
Detected ambiguous Field Reference [appl][log][*]timestamp] , which we expanded to the path [appl, log, *, timestamp] ; in a future release of Logstash, ambiguous Field References will not be expanded.

Is there a way to resolve?
Any suggest?

Regards

Matpil

system · December 7, 2018, 11:59am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Matching a nested field in a JSON formatted log Logstash	3	1011	June 12, 2019
Add field from JSON -logstash filter Logstash	2	4673	June 2, 2017
Date filter can't read from fieldnames which contain dots (created by the JSON filter) Logstash	3	712	May 14, 2020
Parsing nested json logs iin logstash Logstash	7	1060	July 7, 2017
Logstash cannot extract json key Logstash	4	426	February 11, 2019

Retrieve json fields with regex

Regards

Related topics