Logstash无法解析json
当我在Kibana中看到结果时,我发现JSON中没有字段,而且,该message字段仅包含"status" : "FAILED"。
是否可以解析json中的字段并将其显示在Kibana中?我有以下配置:
input { file {
type => "json"
path => "/home/logstash/test.json"
codec => json
sincedb_path => "/home/logstash/sincedb"
}
}
output {
stdout {}
elasticsearch {
protocol => "http"
codec => "json"
host => "elasticsearch.dev"
port => "9200"
}
}
以及以下JSON文件:
[{"uid":"441d1d1dd296fe60","name":"test_buylinks","title":"Testbuylinks","time":{"start":1419621623182,"stop":1419621640491,"duration":17309},"severity":"NORMAL","status":"FAILED"},{"uid":"a88c89b377aca0c9","name":"test_buylinks","title":"Testbuylinks","time":{"start":1419621623182,"stop":1419621640634,"duration":17452},"severity":"NORMAL","status":"FAILED"},{"uid":"32c3f8b52386c85c","name":"test_buylinks","title":"Testbuylinks","time":{"start":1419621623185,"stop":1419621640826,"duration":17641},"severity":"NORMAL","status":"FAILED"}]回答:
是。您需要在配置中添加一个过滤器,如下所示。
filter{ json{
source => "message"
}
}
在这里的文档中对此进行了很好的描述
json编解码器似乎不喜欢传入数组。单个元素与此配置一起工作:
{"uid":"441d1d1dd296fe60","name":"test_buylinks","title":"Testbuylinks","time":{"start":1419621623182, "stop":1419621640491,"duration":17309 }, "severity":"NORMAL", "status":"FAILED" }{ "message" => "{\"uid\":\"441d1d1dd296fe60\",\"name\":\"test_buylinks\",\"title\":\"Testbuylinks\",\"time\":{\"start\":1419621623182, \"stop\":1419621640491,\"duration\":17309 }, \"severity\":\"NORMAL\", \"status\":\"FAILED\" }",
"@version" => "1",
"@timestamp" => "2015-02-26T23:25:12.011Z",
"host" => "emmet.local",
"uid" => "441d1d1dd296fe60",
"name" => "test_buylinks",
"title" => "Testbuylinks",
"time" => {
"start" => 1419621623182,
"stop" => 1419621640491,
"duration" => 17309
},
"severity" => "NORMAL",
"status" => "FAILED"
}
现在有了一个数组:
[{"uid":"441d1d1dd296fe60","name":"test_buylinks","title":"Testbuylinks","time":{"start":1419621623182, "stop":1419621640491,"duration":17309 }, "severity":"NORMAL", "status":"FAILED" }, {"uid":"441d1d1dd296fe60","name":"test_buylinks","title":"Testbuylinks","time":{"start":1419621623182, "stop":1419621640491,"duration":17309 }, "severity":"NORMAL", "status":"FAILED" }]Trouble parsing json {:source=>"message", :raw=>"[{\"uid\":\"441d1d1dd296fe60\",\"name\":\"test_buylinks\",\"title\":\"Testbuylinks\",\"time\":{\"start\":1419621623182, \"stop\":1419621640491,\"duration\":17309 }, \"severity\":\"NORMAL\", \"status\":\"FAILED\" }, {\"uid\":\"441d1d1dd296fe60\",\"name\":\"test_buylinks\",\"title\":\"Testbuylinks\",\"time\":{\"start\":1419621623182, \"stop\":1419621640491,\"duration\":17309 }, \"severity\":\"NORMAL\", \"status\":\"FAILED\" }]", :exception=>#<TypeError: can't convert Array into Hash>, :level=>:warn}{
"message" => "[{\"uid\":\"441d1d1dd296fe60\",\"name\":\"test_buylinks\",\"title\":\"Testbuylinks\",\"time\":{\"start\":1419621623182, \"stop\":1419621640491,\"duration\":17309 }, \"severity\":\"NORMAL\", \"status\":\"FAILED\" }, {\"uid\":\"441d1d1dd296fe60\",\"name\":\"test_buylinks\",\"title\":\"Testbuylinks\",\"time\":{\"start\":1419621623182, \"stop\":1419621640491,\"duration\":17309 }, \"severity\":\"NORMAL\", \"status\":\"FAILED\" }]",
"@version" => "1",
"@timestamp" => "2015-02-26T23:28:21.195Z",
"host" => "emmet.local",
"tags" => [
[0] "_jsonparsefailure"
]
}
这看起来像是编解码器中的错误,您可以将消息更改为对象而不是数组吗?
以上是 Logstash无法解析json 的全部内容, 来源链接: utcz.com/qa/432385.html
