I get a response in response field of nginx different at different times .. The response is not fixed . It is in nested type many times
Sometimes it will be like
{"resp":{\x22code\x22:200,\x22message\x22:\x22success\x22},"field2":"IP","field3":0.006,"field4":"06758e99be484fca56fb","field5":200,"field6":"-","date":"Wednesday, 24-Feb-2016 10:10:12 GMT","method":"POST","field7":"somevaibale","scheme":"http","field8":"-","bytes":68, "field9":"Variable","timestamp":"2016-02-24 10:10:12.000"}
Some times the same Field1 can be different - Can you suggest what can be done here
{"resp":{\x22code\x22:200,\x22message\x22:\x22success\x22,\x22totalPages\x22:3,\x22data\x22:[{\x22items\x22:[{somedata | :{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}{}]}},"field2":"IP","field3":0.006,"field4":"06758e99be484fca56fb","field5":200,"field6":"-","date":"Wednesday, 24-Feb-2016 10:10:12 GMT","method":"POST","field7":"somevaibale","scheme":"http","field8":"-","bytes":68, "field9":"Variable","timestamp":"2016-02-24 10:10:12.000"}
So what can be done in logstash -- when i try to parse with grok pattern the nested field in resp .Gets failed for Grok parse failure and also if i try to use json filter it fails as the nested part does not fit.. Please let me know
