How to `grok` the logstash formatted log in logstash?

Question

How to `grok` the logstash formatted log in logstash?

Closed this issue 4 years ago · 2 comments

I am trying to write a filter for the logstash formatted log in logstash. The current message string is:

{"@message":"1 users connected","@timestamp":"2020-04-02T00:10:17.871Z","@fields":{"level":"info"}}

I tried using
else if [fields][log_type] == "city_dashboard_logs" { json { source => “message” target => “message” } }
but this did not work.

Any suggestions?

Answer 1 · 2020-09-13T10:22:30.000Z

There is no magic to the format of logstash, it's simple JSON. There is no field log_type in your sample message, therefore you cannot filter on it. If you expect that, you need to find the reason it's missing. Please close this issue as there is nothing to be done within logform.

Answer 2 · 2020-09-13T16:13:02.000Z

@rasenplanscher Yes, thanks. Seems like a rookie mistake now.