How to parse json in logstash /grok from a text file line?

Question

I have a logfile which looks like this ( simplified)

Logline sample

MyLine data={\"firstname\":\"bob\",\"lastname\":\"the builder\"}         


        

Answer 1

After your json filter add another one called mutate in order to add the two fields that you would take from the parsedJson field.

filter {
  ...
  json {
     ...
  }
  mutate {
    add_field => {
      "firstname" => "%{[parsedJson][firstname]}"
      "lastname" => "%{[parsedJson][lastname]}"
    }
  }
}

For your sample log line above that would give:

{
       "message" => "MyLine data={\"firstname\":\"bob\",\"lastname\":\"the builder\"}",
      "@version" => "1",
    "@timestamp" => "2015-11-26T11:54:52.556Z",
          "host" => "iMac.local",
        "MyWord" => "MyLine",
    "parsedJson" => {
        "firstname" => "bob",
         "lastname" => "the builder"
    },
     "firstname" => "bob",
      "lastname" => "the builder"
}