Logstash version: 7.17.10
Elasticsearch version: 7.17.10
The logs are located in the /var/logs directory and the format is as below:
[
  {
    "t": "SYS",
    "dt": "2023-04-17 19:46:40.147 GMT-04:00",
    "c": "MenuSectionsViewController",
    "cpu": "cpu usage: 40%",
    "m": "dealloc",
    "msg": "",
    "mem": "total: 4177M used: 169M free: 2398M",
    "b": "8.25.1"
  },
  {
    "t": "SYS",
    "dt": "2023-04-17 19:46:40.154 GMT-04:00",
    "c": "OrderTicketView",
    "cpu": "cpu usage: 40%",
    "m": "dealloc",
    "msg": "",
    "mem": "total: 4177M used: 169M free: 2398M",
    "b": "8.25.1"
  }
]
I want to use Logstash to parse JSON arrays in log files and output each JSON object as a separate document to Elasticsearch. But unfortunately, I have tried multiple configurations and still haven't found the right solution, so I hope everyone can help me out.
My expected log documents are as follows:
{
  "_index": "device-logs-2023.07.28",
  "_type": "_doc",
  "_id": "VVqImokBM0y425kVF-bp",
  "_version": 1,
  "_score": 1,
  "_source": {
    "path": "/var/logs/2.log",
    "tags": [
      "multiline",
      "_jsonparsefailure"
    ],
    "@timestamp": "2023-07-28T03:25:57.330Z",
    "host": "2b9233260805",
    "@version": "1",
    "message": {
      "t":"SYS",
      "dt": "2023-04-17 19:46:40.147 GMT-04:00",
      "c": "MenuSectionsViewController"
      ....
    }
  }
...
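
One way to get one Elasticsearch document per array element, as an added example that is not part of the original post: read each array as a single multiline event, parse it into a target field, then split on that field. The `*.log` glob, the `records` field name, the `hosts` URL and the `auto_flush_interval` and `max_lines` values are assumptions.

```logstash
input {
  file {
    path => "/var/logs/*.log"        # glob is an assumption; the post only names /var/logs
    start_position => "beginning"
    # Fold every line that does not start with "[" into the previous event,
    # so one whole array becomes one event.
    codec => multiline {
      pattern => "^\["
      negate => true
      what => "previous"
      auto_flush_interval => 2       # assumed; flushes the last array when no further "[" follows
      max_lines => 10000             # assumed bound; raise it if one array spans more lines
    }
  }
}

filter {
  # The top-level JSON value is an array, not an object, so the json filter
  # needs a target field to store it in.
  json {
    source => "message"
    target => "records"              # hypothetical field name
    remove_field => ["message"]      # applied only when parsing succeeds
  }
  # Emit one event per array element; each event carries one object in [records].
  if "_jsonparsefailure" not in [tags] {
    split {
      field => "records"
    }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]       # assumed address
    index => "device-logs-%{+YYYY.MM.dd}"
  }
}
```

With this layout each object's keys land under `records` (for example `[records][c]`), and `@timestamp` remains the ingest time because the `dt` string is not parsed.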