brunillopu
Reputation: 121
Logstash filter text into json format
this is our stdout {} of Logstash:
{
"_index": "logstash",
"_type": "_doc",
"_id": "UPUcBnEBHL50VNrwHY-Q",
"_version": 1,
"_score": null,
"_source":
{"host": {"name": "xxxxxx"},
"@timestamp": "2020-03-23T06:37:16.915Z",
"data": {"node": "node1","level": "INFO", "timestamp": "2020-03-23T07:37:11,050","thread": "EthScheduler-Workers-3","throwable": "","class": "BlockPropagationManager","message": "Imported #979 / 0 tx / 0 om / 0 (0.0%) gas /(0xcbd404f6cec12eaecb9bed309b953fe5671ee868843807321772369b47756371) in 0.000s."}
}
We desire in ELS the "message" text field in "data" object :
"message": "Imported #979 / 0 tx / 0 om / 0 (0.0%) gas / (0xcbd404f6cec12eaecb9bed309b953fe5671ee868843807321772369b47756371) in 0.000s."
in the JSON structured from below:
{Imported: 979,Tx: 0,Gas: 0 Hash:0xcbd404f6cec12eaecb9bed309b953fe5671ee868843807321772369b47756371,duration: 0,000s}
Could you help us solve the problem? Thanks in advance! BR
Upvotes: 1
Views: 104
Answers (1)
Abhishek Jaisingh
Reputation: 1730
You'll need to write custom grok patterns for this, matching the various substrings in the message field, for example to extract the Imported field
grok {
match => { "message" => "Imported #%{NUMBER:Imported}" }
}
Upvotes: 1
Related Questions
- How to filter only JSON from TEXT and JSON mixed format in logstash
- How to use JSON filter plugin to seperate message in JSON in logstash?
- Filtering JSON/non-JSON entries in Logstash
- how to write filter section in logstash for json formatted nested file
- Transform json input with logstash filter
- Parsing out text from a string using a logstash filter
- logstash json filter not parsing fields getting _jsonparsefailure
- Logstash filter parse json file result a double fields
- filter json in logstash
- Logstash mutate filter on json data