I'm using logstash 1.5.1 on a windows machine. I have to make a rest call, that delivers me JSON output.
Therefore I'm using exec. The result is no json anymore :-(.
The @message of this event will be the entire stdout of the command as one event. https://www.elastic.co/guide/en/logstash/current/plugins-inputs-exec.html
My logstash configuration
input {
exec {
command => "C:\bin\curl\curl.exe http://localhost:8080/jolokia/read/metrics:name=trx.process.approved"
interval => 10
codec => json { charset => "CP1252" }
}
}
output {
elasticsearch {
node_name => test
host => myhost
}
}
The output under cmd
{"request":{"mbean":"metrics:name=trx.process.approved","type":"read"},"value":{"Count":14},"timestamp":1434643572,"status":200}
The unparseable output on elasticsearch (3 lines!)
C:\Daten\tools\logstash-1.5.1\bin>C:\bin\curl\curl.exe http://localhost:8080/jolokia/read/metrics:name=trx.process.approved
{"request":"mbean":"metrics:name=trx.process.approved","type":"read"},"value":{"Count":14},"timestamp":1434641808,"status":200}
Usually I would try to cut only the JSON output, but somehow I'm limited on Windows regarding knowledge of that.
I have tried the filter plugin split, to separate these three lines, but don't know how to drop line 1 and 2.
filter {
split {
}
}
Any pointers appreciated.
In the end I only want to have this line to be send to elasticsearch:
{"request":{"mbean":"metrics:name=trx.process.approved","type":"read"},"value":{"Count":14},"timestamp":1434641808,"status":200}
Found the solution myself
using a conditional with regex if the string does not starts with "{" the line will be dropped.