Parsing multiline JSON with arrays in Logstash using grok

Time: 2017-01-12 22:40:19

Tags: elasticsearch kibana logstash-grok

Hi, this is my first time using Kibana. I am trying to parse the following input file into Logstash and feed it to Elasticsearch for use in Kibana.

{
  "ASRtest": {
    "ASRHDR": "This is asr HDR",
    "ASRTestType": "DevTest",
    "Scenario": [
      {
        "ScenarioNumber": 1,
        "ScenarioName": "HTTP Validation",
        "ScenarioDescription": "Validate if the API alows access over HTTP",
        "ScExecutionStatus": "Execution Complete",
        "ScenarioStatus": "In-Complete",
        "ScenarioSeverity": false,
        "TestCase": [
          {
            "TestCaseNumber": 1,
            "TestCaseName": "HTTP Validation - using POST method ",
            "TcExecutionStatus": "Execution Error",
            "TcStatus": "NA",
            "TcSeverity": "NA"
          }
        ]
      },
      {
        "ScenarioNumber": 2,
        "ScenarioName": "Server Platform/Version Disclosure",
        "ScenarioDescription": "Validate if API disclose server information",
        "ScExecutionStatus": "Execution Complete",
        "ScenarioStatus": "Failure",
        "ScenarioSeverity": "Medium",
        "TestCase": [
          {
            "TestCaseNumber": 1,
            "TestCaseName": "Server Platform/Version Disclosure - using POST method ",
            "TcExecutionStatus": "Executed Successfully",
            "TcStatus": "Failure",
            "TcSeverity": "Medium"
          }
        ]
      }
    ]
  }
}

I would like all the fields in the input to be available for dashboard charts. Can anyone explain how to parse this multiline JSON file into Logstash ==> Elasticsearch? I tried a sample config file, but I was unable to produce the required output.

1 Answer:

Answer 0: (Score: 1)

You may have to use the multiline codec, which is intended to let multiple lines from a file be joined into a single event. The input would look something like this:

input {
    file {
        codec => multiline {
            # a line that starts with "{" begins a new event; every other
            # line (the indented body of the document) is appended to the
            # previous one
            pattern => '^\{'
            negate => true
            what => "previous"
            # emit the last event after a pause instead of waiting for
            # another "{" line that never comes at the end of the file
            auto_flush_interval => 1
        }
        path => ["path to your json file/.json"]
        start_position => "beginning"
        sincedb_path => "/dev/null"
        exclude => "*.gz"
    }
}

This thread and SO might be useful. Hope it helps!
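The answer stops at joining the lines; to get every field from the sample above onto a Kibana chart, the joined text still has to be parsed and the Scenario and TestCase arrays unrolled so that each test case becomes its own document. The pipeline below is an added example, not the answerer's or the original poster's configuration. The file path under `path`, the Elasticsearch `hosts` value and the index name are assumed placeholders; the field names are taken from the JSON in the question. It also handles one trap visible in that JSON: `ScenarioSeverity` is the boolean `false` in scenario 1 and the string `"Medium"` in scenario 2, so dynamic mapping would type the field from whichever document arrives first and reject the other.

```logstash
input {
  file {
    # Assumed location of the result files; adjust to your own path.
    path => ["/var/log/asr/*.json"]
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => multiline {
      # A line beginning with "{" at column 0 starts a new document; every
      # other line (the pretty-printed, indented body) is appended to it.
      pattern => "^\{"
      negate => true
      what => "previous"
      # Without this the final document in a file is never emitted, because
      # no later "{" line arrives to mark it complete.
      auto_flush_interval => 2
    }
  }
}

filter {
  # Parse the joined text; the keys land at the event root, e.g. [ASRtest].
  json {
    source => "message"
  }

  if "_jsonparsefailure" in [tags] {
    # Keep the raw message so the bad input can be inspected in Kibana,
    # and skip the field surgery below.
    mutate { add_tag => ["asr_unparsed"] }
  } else {
    # Lift the report header out of the nested object.
    mutate {
      rename => {
        "[ASRtest][ASRHDR]"      => "asr_header"
        "[ASRtest][ASRTestType]" => "asr_test_type"
        "[ASRtest][Scenario]"    => "scenario"
      }
    }

    # One event per scenario ...
    split { field => "scenario" }

    # ScenarioSeverity is boolean in one scenario and a string in another;
    # coerce it to string so Elasticsearch accepts both documents.
    mutate { convert => { "[scenario][ScenarioSeverity]" => "string" } }

    # ... and one event per test case inside that scenario.
    mutate { rename => { "[scenario][TestCase]" => "testcase" } }
    split { field => "testcase" }

    # The raw text and the now-empty wrapper object are no longer needed.
    mutate { remove_field => ["message", "ASRtest"] }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]   # assumed
    index => "asr-results-%{+YYYY.MM.dd}"
  }
}
```

Run against the sample file, this yields two documents, one per test case, each carrying `asr_header`, `asr_test_type`, the parent scenario under `scenario.*` (for example `scenario.ScenarioName`, `scenario.ScenarioStatus`) and the test case under `testcase.*` (`testcase.TcStatus`, `testcase.TcSeverity`). Those are the fields to visualize in Kibana. Events that fail to parse are kept rather than dropped, tagged `_jsonparsefailure` and `asr_unparsed`, so a malformed report shows up as a searchable event instead of vanishing silently. The `^\{` pattern relies on the top-level brace being the only one at column 0; a file whose nested objects are not indented would need a different start-of-document marker.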