mon fichier json : myFile.json
{"Property 1":"value A","Property 2":"value B"}
Mon fichier config :
input {
file {
type => "json"
path => "D:/shared/tmp/myFile.json"
start_position => "beginning"
sincedb_path => "NUL"
}
}
filter {
json {
source => "message"
}
}
output{
stdout{codec => rubydebug}
}
Output
D:\project\logstash\bin>logstash.bat -f D:\project\logstash\config\test.conf
Thread.exclusive is deprecated, use Thread::Mutex
Sending Logstash logs to D:/project/logstash/logs which is now configured via log4j2.properties
[2020-01-27T08:42:33,206][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2020-01-27T08:42:33,237][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-01-27T08:42:36,018][INFO ][org.reflections.Reflections] Reflections took 46 ms to scan 1 urls, producing 20 keys and 40 values
[2020-01-27T08:42:38,612][WARN ][org.logstash.instrument.metrics.gauge.LazyDelegatingGauge][main] A gauge metric of an unknown type (org.jruby.RubyArray) has been create for key: cluster_uuids. This may result in invalid serialization. It is recommended to log an issue to the responsible developer/development team.
[2020-01-27T08:42:38,643][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, :thread=>"#<Thread:0x7a88d9cb run>"}
[2020-01-27T08:42:39,550][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2020-01-27T08:42:39,659][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2020-01-27T08:42:39,659][INFO ][filewatch.observingtail ][main] START, creating Discoverer, Watch with file and sincedb collections
[2020-01-27T08:42:40,628][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9608}
D:/project/logstash/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated
{
"Property 2" => "value B",
"path" => "D:/shared/tmp/test2.json",
"@timestamp" => 2020-01-27T07:42:40.643Z,
"type" => "json",
"@version" => "1",
"host" => "wnd-qacsi-001",
"Property 1" => "value A",
"message" => "{\"Property 1\":\"value A\",\"Property 2\":\"value B\"}\r"
}
Attention Juste de bien laisser une ligne vide à la fin de votre fichier JSON sinon cela ne fonctionne pas !!!