I am using the logstash_formatterpython module to send formatted logs to logstash. logstash_formatterconverts my past dictionary to a JSON string. Then my application writes this JSON message to a file audit_log. logstash agentreads this log file and sends JSON data to RabbitMQ.
Before installing the package logstash_formatterfrom https://pypi.python.org/pypi/logstash_formatter, I expected that since this formatter sends a JSON message to the RabbitMQ indexer, I don’t need to add filters to my file shipper.conffor my extras agent running on my machine. All JSON fields will be automatically added as tags or fields in the logstash and will be displayed the same as the filter in Kibana.
But nothing like this happened, I still have to add filters to my file shipper.conf. In fact, the log message comes as a field / message tag in the logstash response.
Now I feel that there is no need to use this package. I would instead create my own dict and convert it to JSON using a module json.
I ask you if I missed something, or my understanding of this formatting is completely wrong.
source
share