Reputation: 233
How to use the JSON Filter Plugin for Logstash
I have read this documentation on their website (https://www.elastic.co/guide/en/logstash/current/plugins-filters-json.html) and am still struggling to understand how to use this plugin. The goal I had was to take a JSON file and cut out everything except for a few particular fields that are spread out around a JSON log. Does the Add_field filter make it so only the fields added are passed on? If so how would I specify what to pass on?
Upvotes: 1
Views: 1212
Answers (1)
Reputation: 4089
The JSON filter is for expanding json in a field. For reading a JSON file into logstash you probably want to use the json codec with a file input, somewhat like this:
file {
path => "/path/to/file"
codec => "json"
}
That will read a json file into logstash as one event or
If the data being sent is a JSON array at its root multiple events will be created (one per element).
Then you could use a mutate filter to remove the fields you don't want.
mutate {
remove_field => [ "uneeded-field", "my_extraneous_field" ]
}
You could also look into using the community prune filter, which can remove everything except a whitelist.
Upvotes: 1
Related Questions
- Logstash JSON Grok filter issue
- Filtering JSON/non-JSON entries in Logstash
- Logstash filter text into json format
- How to process json in logstash
- Transform json input with logstash filter
- How to include the filter in Logstash config file?
- How to filter JSON data from a log4j file using logstash?
- logstash json filter not parsing. getting _jsonparsefailure although the json is correct
- filter json in logstash
- Logstash mutate filter on json data