I'm new to logstash. I would like to parse every line in log file as json object using grok. My log looks like this:
1570519737247 I access {"date":"2019-10-08T09:28:57.247","rootTitle":"title1","rootModel":"model1","dcTitle":"[1a]"}
1570519737247 I access {"date":"2019-10-08T09:28:57.247","rootTitle":"title2","rootModel":"model2","dcTitle":"[1b]"}
You can see that every line is starting with text and then there is valid json object.
And I want to construct object for every line that would look like this:
{
"accesing": "1570519737247",
"message": {
"date":"2019-10-08T09:28:57.247",
"rootTitle":"title1",
"rootModel":"model1",
"dcTitle":"[1a]"
}
}
So I want to take the number at the beggining and assign it to "accesing" key, I dont need the "I access" word, then the json object to "message".
I tried this pattern in grok debugger %{WORD:accesing} %{GREEDYDATA:message} but of course thats not what i need. Please, can anybody help?
Use this:
%{WORD:accesing} I access %{GREEDYDATA:message}
input:
1570519737247 I access {"date":"2019-10-08T09:28:57.247","rootTitle":"title1","rootModel":"model1","dcTitle":"[1a]"}
output:
{
"accesing": [
[
"1570519737247"
]
],
"message": [
[
"{"date":"2019-10-08T09:28:57.247","rootTitle":"title1","rootModel":"model1","dcTitle":"[1a]"}"
]
]
}