I have a logfile that stores events with a timestamp and a JSON message. For example:
timestamp {"foo": 12, "bar": 13}
I would l
You can just use plain Grok filters (regex style filters/patterns) and assign the matched value into a variable for easy organization, filtering and searching.
An example:
((?<key>("foo"))):((?<value>(\d+,)))
Something along those lines.
Use the GrokDebugger to help out if you get stuck on the syntax, patterns and things you think should be matching but aren't.
Hope that helps a bit.
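Added example (not from the answer above): a Grok named capture `(?<name>regex)` is an Oniguruma named group, which Ruby's Regexp supports with the same syntax, so the pattern below can be tried outside Logstash. The layout of the line (a timestamp up to the first space, then the JSON object with fixed keys foo and bar) and the sample lines are assumptions constructed for this example.

```ruby
# Added example, not the answerer's code: a Grok-style pattern using the same
# (?<name>regex) named-capture syntax grok accepts, run with plain Ruby.
# Assumed line layout: <timestamp> <space> {"foo": <int>, "bar": <int>}
GROK_STYLE_PATTERN = /\A(?<timestamp>\S+)\s+\{\s*"foo":\s*(?<foo>\d+),\s*"bar":\s*(?<bar>\d+)\s*\}\z/

# Constructed sample lines: two well-formed events and one that should not
# match (grok would tag such an event with _grokparsefailure).
SAMPLE_LINES = [
  '2024-01-01T00:00:00Z {"foo": 12, "bar": 13}',
  '2024-01-01T00:00:01Z {"foo": 7, "bar": 99}',
  'garbage line without json'
]

# Returns a hash of the named captures (the fields grok would add to the
# event), or nil when the line does not match.
def grok_match(line)
  m = GROK_STYLE_PATTERN.match(line)
  return nil if m.nil?
  fields = m.named_captures # {"timestamp"=>..., "foo"=>..., "bar"=>...}
  # A bare (?<foo>\d+) capture is a string, as in grok; convert it here the
  # way %{NUMBER:foo:int} would in a Logstash pattern.
  fields["foo"] = Integer(fields["foo"])
  fields["bar"] = Integer(fields["bar"])
  fields
end

# Apply the pattern to every line; unmatched lines come back as nil.
def parse_all(lines)
  lines.map { |l| grok_match(l) }
end

if __FILE__ == $PROGRAM_NAME
  parse_all(SAMPLE_LINES).each { |r| p r }
end
```

This pattern only works while the JSON keys and their order are fixed; if they vary, capture the whole `{...}` with one named group and hand that field to a JSON parser (in Logstash, the json filter) instead. In a Logstash config the pattern sits inside a double-quoted string, so the literal quotes must be written as `\"`.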