Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
logstash message format

logstash json format

{
  "message"    => "hello world",
  "@version"   => "1",
  "@timestamp" => "2014-04-22T23:03:14.111Z",
  "type"       => "stdin",
  "host"       => "hello.local"
}
  • @timestamp is the ISO8601 high-precision timestamp for the event.
  • @version is the version number of this json schema
  • Every other field is valid and fine.

Observe it in real life

You can observe the message structure by doing output { stdout { codec => rubydebug } }

% bin/logstash  -e 'output { stdout { codec => rubydebug } }'
hello world

{
  "message"    => "hello world",
  "@version"   => "1",
  "@timestamp" => "2014-04-22T23:03:14.111Z",
  "type"       => "stdin",
  "host"       => "Macintosh.local"
}
@jordansissel

This comment has been minimized.

Copy link
Owner Author

@jordansissel jordansissel commented Apr 22, 2014

I'll update this shortly and also delete all the old comments that aren't meaningful in the new schema.

@vanthome

This comment has been minimized.

Copy link

@vanthome vanthome commented Aug 24, 2015

@jordansissel can tou give a reference to the documentation, where the current logstash json format is defined?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment