I am new to logstash and trying to go through different blogs / links to understand it in detail. I am stuck with a issue where I want to parse Json string which is embedded in a normal string line .
Input String
2017-01-27 11:54:48 INFO PropertiesReader:33 - {"timestamp":1485518878968,"h":"297268184dde", "l":"INFO", "cN":"org.com.logstash.demo", "mN":"loadProperties", "m":"load property file from /var/tmp/conf"}
I want to extract highlighted Json string and apply Json plug-in on the Json . How can I achieve this ?
You simply need to use the json filter after your grok filter:
filter {
grok {
match => [ "message", "%{TIMESTAMP_ISO8601:LogDate} %{LOGLEVEL:loglevel} %{WORD:threadName}:%{NUMBER:ThreadID} - %{GREEDYDATA:Line}" ]
}
json {
source => "Line"
}
}
Also note that I've modified your grok pattern a little bit to exclude the - before the JSON data.