that last comment at the bottom with the complete config
parsley72
My SO question has been answered, I can parse the timestamp and location data correctly. Now I need to figure out how to step through the array so I can deal with multiple events.
parsley72: I may be missing context, but it seems weird that you're having to do this \\n stuff in JSON. A newline in JSON is represented by a two-byte sequence \n
parsley72
I had to replace "\n" with "\\n" to get Keen.io to accept it, might be their limitation rather than JSON's.
whack
weird, though I don't know anything about keen.io
:(
parsley72
But the array stepping is my primary problem right now
whack
array stepping for what?
let's say you have an array, what do you want to do with it?
I want to step through the array of result[] and create a separate logstash entry for it
whack
you want that to stay as 1 event?
or make multiple events?
parsley72
Multiple
whack
you may need a custom filter
halt
Hi All, I'm planning to set up a logstash server for my AWS VPC, since it's a pain in the ass to maintain anything java based think I will use the docker image, and if it's already a docker container I'm planning to use the AWS ECS, so that part is cool i just have to figure out the config file ec2 connection but that's fine, I could live with that, but not sure about the database backend, elasticsearch is only available across EMR, but that also looks painful but there redis does not seem to be the right one for this job, can you guys recommend something easy to use AWS PaaS database which is supported as a logstash output?
parsley72
The answer I posted on SO only handles the first event
whack
parsley72: I blackhole SO on my browser, so I can't help there.
parsley72: but this ruby filter may help you get started
the 'p event.to_hash' will print the event to your console
parsley72
Trying it now...
halt
anyone on the AWS integration question ?
parsley72
That gives me: {"message"=>"{\"result\":[{\"keen\": {\"timestamp\": \"2014-12-02T12:23:51.000Z\", \"created_at\": \"2014-12-01T23:25:31.396Z\", \"id\": \"547cf8eb072719278f721f5d\", \"location\": {\"coordinates\": [-95.8, 36.1]}}}]}", "@version"=>"1", "@timestamp"=>"2015-04-29T05:30:35.753Z", "type"=>"json", "host"=>"APE01-AKLNZ", "path"=>"/home/tom/test6.json"} Exception in filterworker {"exception"=>#<NoMethodError: undefined m
whack
parsley72: very strange, that looks ok
parsley72
Ah, should the ruby filter come after the json filter?
whack
ooooh
let me rephrase, it doesn't look ok
your event has a "message" field (normal) which includes unprocessed json
the literal json text
so basically, logstash just sees text, it doesn't know it's json
tigryss
halt: question is very good, i'm also interested
parsley72
right, so the first thing I do is run it through a json filter
tigryss
warkolm: r u there?
whack
halt: EMR == elasticmapreduce? This has nothing to do with elasticsearch.
parsley72
if i put the ruby filter after the json filter i get: {"@version"=>"1", "@timestamp"=>"2015-04-29T05:33:15.919Z", "type"=>"json", "host"=>"APE01-AKLNZ", "path"=>"/home/tom/test6.json", "result"=>[{"keen"=>{"timestamp"=>"2014-12-02T12:23:51.000Z", "created_at"=>"2014-12-01T23:25:31.396Z", "id"=>"547cf8eb072719278f721f5d", "location"=>{"coordinates"=>[-95.8, 36.1]}}}], "tags"=>["valid_json"]} Exception in filterworker {"exception"=
whack
VPC is more about networking than it is about servers, isn't it?
in terms of getting this working for you immediately, I don't know if I have any quick fixes for you :(
parsley72
(: thanks for trying
halt
Ok I have to leave now, I leave the question open, and will check the botbot.me logs in case anyone has suggestions feel free to ping me thanks in advance