Unable to parse json log to Kibana

marek.vesely · October 8, 2019, 6:27am

Hello,

I have json log like this:
{"thread":"http-nio-8943-exec-9","level":"INFO","loggerName":"cz.direct.common.restapi.interceptor.LoggingFilter","message":{"requestNumber":140,"responseCode":200,"contentType":"application/json;charset=UTF-8","headers":{"X-Fishtag":"tal1d20191008083158852"},"payload":{"version":"1.1.13-SNAPSHOT","buildDateTime":"2019-09-30T10:14","runningTime":685055.0}},"endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog","instant":{"epochSecond":1570516318,"nanoOfSecond":859087000},"contextMap":{"fishtag":"tal1d20191008083158852"},"threadId":33,"threadPriority":5,"timestamp":"2019.10.08 08:31:58.859"}

filebeat.yml:
processors:
- decode_json_fields:
fields: ["message"]
filebeat.prospectors:
- fields:
env: dev02
type: restapilog
fields_under_root: true
paths:
- /var/log/app/restapi-talend-/logs/actual/restapi-talend-.log
tags:
- app-dev-02-insurance-restapi-talend
- java-based
type: log

logstash filter:
filter {
if[type] == "restapilog" {
date {
match => ["timestamp", "yyyy.MM.dd HH:mm:ss.SSS"]
timezone => "Europe/Prague"
target => "@timestamp"
}
}

and kibana output:

Filebeat version: 6.8.3-1
ELK: 6.8.2-1

marek.vesely · October 17, 2019, 8:43am

nobody knows?

Badger · October 17, 2019, 3:22pm

Nobody knows what? Your post did not contain a question.

marek.vesely · October 18, 2019, 4:48am

How to have parsed output in Kibana into fileds? Fields should be message.responseCode, message.reguestNumber, etc... Now it is only 1 big string.

marek.vesely · October 29, 2019, 8:02am

i solved it on my own...

system · November 26, 2019, 8:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.