Logstash exec input plugin - Remove command run from @message


I'm using Logstash 1.5.1 on a Windows machine. I have to make a REST call that delivers JSON output.

Therefore I'm using exec. The result is no longer JSON :-(.

The @message of this event will be the entire stdout of the command as one event. https://www.elastic.co/guide/en/logstash/current/plugins-inputs-exec.html

My logstash configuration

input {
    exec {
        command => "C:\bin\curl\curl.exe http://localhost:8080/jolokia/read/metrics:name=trx.process.approved" 
        interval => 10
        codec => json { charset => "CP1252" }
    }
}
output {
  elasticsearch {
    node_name => test
    host => myhost  
  }
}

The output under cmd

{"request":{"mbean":"metrics:name=trx.process.approved","type":"read"},"value":{"Count":14},"timestamp":1434643572,"status":200}

The unparseable output on elasticsearch (3 lines!)


C:\Daten\tools\logstash-1.5.1\bin>C:\bin\curl\curl.exe http://localhost:8080/jolokia/read/metrics:name=trx.process.approved
{"request":"mbean":"metrics:name=trx.process.approved","type":"read"},"value":{"Count":14},"timestamp":1434641808,"status":200}

Usually I would try to cut only the JSON output, but somehow I'm limited on Windows regarding knowledge of that.

I have tried the filter plugin split to separate these three lines, but I don't know how to drop lines 1 and 2.

filter {
    split {     
    }
}

Any pointers appreciated.

In the end I only want this line to be sent to elasticsearch:

{"request":{"mbean":"metrics:name=trx.process.approved","type":"read"},"value":{"Count":14},"timestamp":1434641808,"status":200}

There is 1 answer

cinhtau On BEST ANSWER

Found the solution myself

filter {
    split { 
    }
    if  [message] !~ "^{" {
        drop {}
    }
}

Using a conditional with a regex: if the string does not start with "{", the line will be dropped.
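
The split-then-drop logic from the answer, modelled in Python as an added example (not part of the original answer and not Logstash code). The helper names and the sample stdout are constructed for illustration. It also shows that a line can pass the `^{` prefix test and still fail JSON parsing.

```python
import json
import re

# Equivalent of the conditional's regex: keep only lines that begin with "{".
STARTS_WITH_BRACE = re.compile(r"^\{")

# Constructed sample: the three-part stdout from the question (blank line,
# echoed prompt and command, JSON body) with Windows CRLF line endings.
SAMPLE_STDOUT = (
    "\r\n"
    "C:\\Daten\\tools\\logstash-1.5.1\\bin>C:\\bin\\curl\\curl.exe "
    "http://localhost:8080/jolokia/read/metrics:name=trx.process.approved\r\n"
    '{"request":{"mbean":"metrics:name=trx.process.approved","type":"read"},'
    '"value":{"Count":14},"timestamp":1434641808,"status":200}\r\n'
)


def split_and_drop(stdout):
    """Model of split {} followed by the drop conditional (hypothetical helper)."""
    lines = stdout.split("\n")  # the split filter's default terminator is "\n"
    return [line for line in lines if STARTS_WITH_BRACE.search(line)]


def parse_events(stdout):
    """Return (events, rejected): parsed JSON objects and lines that did not parse."""
    events, rejected = [], []
    for line in split_and_drop(stdout):
        try:
            doc = json.loads(line)  # the trailing "\r" from CRLF is JSON whitespace
        except ValueError:
            rejected.append(line)  # began with "{" but is not valid JSON
            continue
        if isinstance(doc, dict):
            events.append(doc)
        else:
            rejected.append(line)
    return events, rejected


if __name__ == "__main__":
    events, rejected = parse_events(SAMPLE_STDOUT)
    print("events:", events)
    print("rejected:", rejected)
```
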