In today’s Logstash Filter Of The Day, we look at encoding NGiNX access logs into JSON. To save the default NGiNX log format into Elasticsearch requires transcoding it to JSON. Read this post to learn how to format your logs into JSON before being sent to Logstash.

Once Logstash receives your JSON formatted log line, all it needs to do is run the JSON Filter Plugin on the message field like this.

filter {
    json {
        source => "message"
        # suppress error tag
        skip_on_invalid_json => true
    }
}

Tagged on: