将JSON与LogStash结合使用 [英] Using JSON with LogStash

问题描述

我在这里疯了.我有一个将日志写入文件的应用程序.每个日志条目都是一个JSON对象.我的.json文件的示例如下所示:

I'm going out of my mind here. I have an app that writes logs to a file. Each log entry is a JSON object. An example of my .json file looks like the following:

{"Property 1":"value A","Property 2":"value B"}
{"Property 1":"value x","Property 2":"value y"}

我正在拼命尝试将日志条目放入LogStash.为了做到这一点，我创建了以下LogStash配置文件:

I'm trying desperately to get the log entries into LogStash. In an attempt to do this, I've created the following LogStash configuration file:

input {
  file {
    type => "json"
    path => "/logs/mylogs.log"
    codec => "json"
  }
}
output {
  file {
    path => "/logs/out.log"
  }
}

现在，我正在手动将记录添加到mylogs.log中以尝试使其正常运行.但是，它们奇怪地出现在标准输出中.当我查看open.log时，会看到类似以下的内容:

Right now, I'm manually adding records to mylogs.log to try and get it working. However, they appear oddly in the stdout. When I look open out.log, I see something like the following:

{"message":"\"Property 1\":\"value A\", \"Property 2\":\"value B\"}","@version":"1","@timestamp":"2014-04-08T15:33:07.519Z","type":"json","host":"ip-[myAddress]","path":"/logs/mylogs.log"}

因此，如果我将消息发送到ElasticSearch，则不会获得该字段.取而代之的是我一团糟.我需要我的属性仍然是属性.我不希望它们挤在消息部分或输出中.我有一种预感，这与编解码器有关.但是，我不确定.我不确定是否应该在logstash输入配置上更改编解码器.或者，如果我应该更改输出配置上的输入.衷心感谢您的帮助，因为我现在迫在眉睫.

Because of this, if I send the message to ElasticSearch, I don't get the fields. Instead I get a jumbled mess. I need my properties to still be properties. I do not want them crammed into the message portion or the output. I have a hunch this has something to do with Codecs. Yet, I'm not sure. I'm not sure if I should change the codec on the logstash input configuration. Or, if I should change the input on the output configuration. I would sincerely appreciate any help as I'm getting desperate at this point.

谢谢.

推荐答案

尝试删除 json编解码器并添加 json过滤器

input {
  file {
    type => "json"
    path => "/logs/mylogs.log"
  }
}
filter{
    json{
        source => "message"
    }
}
output {
  file {
    path => "/logs/out.log"
  }
}

您不需要JSON编解码器，因为您不想解码源JSON，但只想过滤输入以仅在@message字段中获取JSON数据.

you do not need the json codec because you do not want decode the source JSON but you want filter the input to get the JSON data in the @message field only.

希望这会有所帮助.

这篇关于将JSON与LogStash结合使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！