Hi,
Not able to parse brand filed from below response. Logstash taking requests on port 31315
via http input plugin
json to be parsed:
{
"took": 2,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 1,
"relation": "eq"
},
"max_score": 11.48834,
"hits": [
{
"_index": "rjilrepo",
"_type": "_doc",
"_id": "91150500",
"_score": 11.48834,
"_source": {
"brand": "LYF",
"model": "LS-5015",
"@timestamp": "2019-08-29T13:42:56.723Z",
"TAC": "91150500",
"DATA_GPRS": "1",
"jiolte": "true",
"jiovolte": "true",
"os": "Android",
"deviceType": "Smartphone",
"2G": "true",
"3G": "true",
"4G": "true",
"UICC.Sim Type": "MicroNano"
}
}
]
}
}
My Logstash Code below
input {
http {
host => "10.144.20.56"
port => 31315
codec => "json"
}
}
filter {
json { source => "message" }
split {
field => "hits"
}
mutate {
add_field => {
"LocalizationId" => "%{[hits][total][value]}"
"Rel" => "%{[hits][total][relation]}"
"brand" => "%{[hits][hits][_source][brand]}"
}
remove_field => [ "[message]" ]
}
}
output {
file {
path => "/tmp/apicall.log"
}
exec {command => "echo %{LocalizationId} %{Rel} %{brand} > /tmp/fffff"}
}
Thnks in advance...