Which Filter to use

sjabiulla · April 17, 2019, 5:53am

My log is something like below

{@timestamp} some text here key1=value1 key2=value2 key3=value3

I have tried json filter as below and got parsing errors. Which filter should I choose here ? I want to push all key value pairs and timestamp to variables in ElasticSearch.

json {
		source => "message"
	}

Christian_Dahlqvist · April 17, 2019, 6:00am

As that log line is not JSON it is not surprising that the son filter does not work. I would recommend using a dissect or grok filter to parse the components of the string so that you end up with the final key-value list in a separate field. You can see how to go about doing this in this introductory blog post.

You can then apply a kv filter to this field to parse the key-value pairs out.

sjabiulla · April 23, 2019, 8:32am

@Christian_Dahlqvist
I am using kv filter now as below. I have numbers as values in few of kv params, but in ElasticSearch they are being indexed as String's. How to index them as numbers !

      kv
		{ 
			source => "message" 
		}

I have response time in log as below .
ResponseTimeMillis=454
But when it's indexed to ES, it's indexed as below.

"ResponseTimeMillis": "454"

I want it to be "ResponseTimeMillis": 454. Is it possible ?

Christian_Dahlqvist · April 23, 2019, 8:33am

Yes, add a mutate filter to convert to a number after you have parsed the data.

sjabiulla · April 23, 2019, 10:13am

Awesome. I'm now able to use mutate filter to convert string to a Integer.

Thank you

Topic		Replies	Views
Need help to get Key Value into Elastic Logstash	7	409	July 5, 2018
Parsing mixing of json and kv filter in logstash Logstash	6	2637	October 1, 2018
Using KV with JSON Logstash	7	2575	July 6, 2017
Is there any Logstash filter to convert a log-line to json Logstash	3	2224	June 30, 2017
Blindly parse JSON from logs and add it to elasticsearch Logstash	7	2161	May 25, 2018

Which Filter to use

Related topics