I have three lines of syslog, and I need to convert this data to JSON in order to forward it to Elasticsearch using Fluentd. Is there an internal way to do this, or do we have to convert the log and then forward it?
Sample Log
Feb 3 17:26:36 servername augenrules: failure 1
Feb 3 17:26:38 servername NetworkManager[830]: <info> [1580768798.0902] manager: rfkill: WiFi enabled by radio killswitch; enabled by state file"}
Feb 3 17:26:44 servername Unit metricbeat.service entered failed state
Feb 3 18:01:44 servername rtprocess[4815]: (RTI rtscantask[6106]@xx)#app#ClsRtdb_query_attr.cpp#931#ClsRtdbAttrTbl::fetchScalarVal(): Failed to fetch scalar value because failed to convert address to number address.
Feb 3 19:26:36 servername augenrules: failure 1
Feb 3 19:45:38 servername NetworkManager[830]: <info> [1580768798.0902] manager: rfkill: WiFi enabled by radio killswitch; enabled by state file
Feb 3 20:26:44 servername Unit metricbeat.service entered failed state.
Feb 3 21:01:44 servername rtprocess[4815]: (RTI rtscantask[6106]@xx)#app#ClsRtdb_query_attr.cpp#931#ClsRtdbAttrTbl::fetchScalarVal(): Failed to fetch scalar value because failed to convert address to number address.
Required output
{"date":"Feb 3 17:26:36","server":"servername","error":"augenrules: failure 1"}
{"date":"Feb 3 17:26:38","server":"servername","error":"NetworkManager[830]: <info> [1580768798.0902] manager: rfkill: WiFi enabled by radio killswitch; enabled by state file"}
{"date":"Feb 3 17:26:44","server":"servername","error":"Unit metricbeat.service entered failed state."}
{"date":"Feb 3 18:01:44","server":"servername","error":"rtprocess[4815]: (RTI rtscantask[6106]@servername)#app#ClsRtdb_query_attr.cpp#931#ClsRtdbAttrTbl::fetchScalarVal(): Failed to fetch scalar value because failed to convert address to number address."}
{"date":"Feb 3 19:26:36","server":"servername","error":"augenrules: failure 1"}
{"date":"Feb 3 19:45:38","server":"servername","error":"NetworkManager[830]: <info> [1580768798.0902] manager: rfkill: WiFi enabled by radio killswitch; enabled by state fileservername
{"date":"Feb 3 20:26:44","server":"atlswdo087","error":"Unit metricbeat.service entered failed state."}
{"date":"Feb 3 21:01:44","server":"servername","error":"rtprocess[4815]: (RTI rtscantask[6106]@servername)#app#ClsRtdb_query_attr.cpp#931#ClsRtdbAttrTbl::fetchScalarVal(): Failed to fetch scalar value because failed to convert address to number address."}
Please help!!!
This is the solution I have come up with; we can use the same in a while loop to convert the whole log to JSON :D
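line='Feb 3 17:26:36 servername augenrules: failure 1'
# Date is the first three fields: month, day, time
dt=$(echo "$line" | awk '{print $1" "$2" "$3}')
# Host name is the fourth field
ser_nm=$(echo "$line" | awk '{print $4}')
# Message is everything after the first four fields (spaces kept); escape \ and " for JSON
error_msg=$(echo "$line" | sed -E 's/^([^ ]+ +){4}//; s/\\/\\\\/g; s/"/\\"/g')
printf '{"date":"%s","server":"%s","error":"%s"}\n' "$dt" "$ser_nm" "$error_msg"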
- Sai Kumar(Bigger the problem bigger the smile when it is resolved)
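Added example, not part of the original answer: the same field split done in one awk pass over the whole log, with JSON escaping so that a message containing `"`, `\` or control characters (such as the sample line that ends in `"}`) cannot break the record or forge extra fields before it reaches Elasticsearch. The function names `syslog_to_json` and `sample_log` and the malformed third input line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): syslog on stdin -> JSON lines on stdout.
syslog_to_json() {
  awk '
    BEGIN {
      # JSON forbids raw control characters inside strings; map each to \u00XX.
      for (i = 1; i < 32; i++) ctrl[sprintf("%c", i)] = sprintf("\\u%04x", i)
    }
    # Escape one value for use inside a JSON string literal.
    function esc(s,    out, i, c) {
      out = ""
      for (i = 1; i <= length(s); i++) {
        c = substr(s, i, 1)
        if (c == "\\" || c == "\"") out = out "\\" c
        else if (c in ctrl)         out = out ctrl[c]
        else                        out = out c
      }
      return out
    }
    # Lines that are not "Mon D HH:MM:SS host message" go to stderr, not downstream.
    NF < 5 || $3 !~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ {
      print "unparsed: " $0 > "/dev/stderr"
      next
    }
    {
      msg = $0
      # Strip the four header fields; the rest is the message, spacing intact.
      sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", msg)
      printf "{\"date\":\"%s\",\"server\":\"%s\",\"error\":\"%s\"}\n",
             esc($1 " " $2 " " $3), esc($4), esc(msg)
    }
  '
}

# Constructed sample input: two lines from the question plus one malformed line.
sample_log() {
  cat <<'EOF'
Feb 3 17:26:36 servername augenrules: failure 1
Feb 3 17:26:38 servername NetworkManager[830]: <info> [1580768798.0902] manager: rfkill: WiFi enabled by radio killswitch; enabled by state file"}
not a syslog line
EOF
}

sample_log | syslog_to_json
```

Run it over a real file with `syslog_to_json < /var/log/messages > messages.json`; rejected lines appear on stderr so they can be reviewed instead of being silently dropped.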