Skip to content

Instantly share code, notes, and snippets.

@jordansissel

jordansissel/foo.md

Last active February 6, 2021 22:08
Show Gist options
  • Star 22 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save jordansissel/2996677 to your computer and use it in GitHub Desktop.
Save jordansissel/2996677 to your computer and use it in GitHub Desktop.
Download ZIP
logstash message format
Raw
foo.md

logstash json format

{
  "message"    => "hello world",
  "@version"   => "1",
  "@timestamp" => "2014-04-22T23:03:14.111Z",
  "type"       => "stdin",
  "host"       => "hello.local"
}
  • @timestamp is the ISO8601 high-precision timestamp for the event.
  • @version is the version number of this json schema
  • Every other field is valid and fine.

Observe it in real life

You can observe the message structure by doing output { stdout { codec => rubydebug } }

% bin/logstash  -e 'output { stdout { codec => rubydebug } }'
hello world

{
  "message"    => "hello world",
  "@version"   => "1",
  "@timestamp" => "2014-04-22T23:03:14.111Z",
  "type"       => "stdin",
  "host"       => "Macintosh.local"
}
@jordansissel
Copy link
Author

I'll update this shortly and also delete all the old comments that aren't meaningful in the new schema.

@vanthome
Copy link

@jordansissel can tou give a reference to the documentation, where the current logstash json format is defined?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment