I’m currently working on a project that has about a dozen or so log files formatted using JSON.
I’ve also taken a look at the documentation on GitHub, which explains the following example:
{
  "a": 5,
  "b": {
    "c": 6
  },
  "ignored": "I'm a string"
}
This gets translated into the following fields of a measurement: myjsonmetric a=5,b_c=6
Each log file has quite a few objects (60 minutes worth), and each object has a bunch of strings and numbers, as you can see from the example below:
{
  "ts": 1498571047.747265,
  "uid": "CESM5I2V6z8LNDRPpb",
  "id.orig_h": "192.168.1.96",
  "id.orig_p": 49190,
  "id.resp_h": "145.222.222.222",
  "id.resp_p": 80,
  "fuid": "FfmePA13Dx2LcgCLd",
  "file_mime_type": "application/x-dosexec",
  "file_desc": "http://redacted/file.exe",
  "proto": "tcp",
  "note": "TeamCymruMalwareHashRegistry::Match",
  "msg": "Malware Hash Registry Detection rate: 11% Last seen: 2017-06-28 22:10:06",
  "sub": "https://www.virustotal.com/en/search/?query=555",
  "src": "192.168.1.96",
  "dst": "145.222.222.222",
  "p": 80,
  "peer_descr": "blip",
  "actions": ["Notice::ACTION_LOG"],
  "suppress_for": 3600.0,
  "dropped": false
}
Ideally I’d like to be able to parse the JSON log file (eventually all log files) and then store their contents in InfluxDB and visualize them using Grafana. I’d like to be able to
I have everything set up properly, minus the actual parsing of the log files. I wanted to get some thoughts and considerations from the community on the best approach to take for this task.
It’s my first time parsing log files using this software stack (Telegraf, InfluxDB, Grafana, etc.). I have some experience using the Elastic Stack, but would rather use Influx’s offering since it doesn’t run on the JVM.
If I’m missing any details, please let me know. Thanks!
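As an added example, not code from the original post and not Telegraf's own parser: a small Python script that applies the flattening rule quoted from the documentation (numbers become fields, nested keys are joined with "_", strings are ignored) to newline-delimited records shaped like the notice log above, and emits InfluxDB line protocol. The measurement name zeek_notice, the tag_keys option used to promote chosen string values to tags, and the three sample records are assumptions made for this example; the second record deliberately has no numeric field at all, which is the case a practitioner most needs to notice.

```python
import json
from decimal import Decimal

# Constructed sample log (not real traffic): three newline-delimited JSON records in the
# shape of the notice log quoted in the post. Record 2 has no numeric fields at all;
# record 3 is the nested example from the parser documentation.
SAMPLE_LOG = """\
{"ts":1498571047.747265,"uid":"CESM5I2V6z8LNDRPpb","id.orig_h":"192.168.1.96","id.orig_p":49190,"id.resp_h":"145.222.222.222","id.resp_p":80,"proto":"tcp","note":"TeamCymruMalwareHashRegistry::Match","msg":"Malware Hash Registry Detection rate: 11%","actions":["Notice::ACTION_LOG"],"suppress_for":3600.0,"dropped":false}
{"ts":1498571100,"uid":"Cabc123","note":"Scan::Port_Scan","proto":"tcp","msg":"all string fields"}
{"ts":1498571200.5,"a":5,"b":{"c":6},"ignored":"I'm a string"}
"""


def flatten(obj, prefix=""):
    """Apply the documented rule: numbers become fields, nested objects are flattened
    by joining keys with '_', and everything else (strings, booleans, arrays, null)
    is set aside so the caller can promote some of it to tags."""
    numeric, other = {}, {}
    for key, value in obj.items():
        name = prefix + key
        if isinstance(value, dict):
            sub_numeric, sub_other = flatten(value, name + "_")
            numeric.update(sub_numeric)
            other.update(sub_other)
        elif isinstance(value, bool):
            # bool is a subclass of int in Python, so it must be checked before numbers
            other[name] = value
        elif isinstance(value, (int, float, Decimal)):
            numeric[name] = float(value)  # every number is stored as a float field
        else:
            other[name] = value
    return numeric, other


def _escape(text, special):
    """Backslash-escape the characters that are special in line protocol."""
    for ch in special:
        text = text.replace(ch, "\\" + ch)
    return text


def to_line_protocol(record, measurement, tag_keys=(), time_key="ts"):
    """Convert one decoded record into a line-protocol line, or return None when the
    record yields no fields: InfluxDB rejects a point without fields, which is the
    fate of a log record made only of strings."""
    record = dict(record)
    raw_ts = record.pop(time_key, None)
    numeric, other = flatten(record)
    if not numeric:
        return None

    # Assumption for this example: tag_keys names string values to keep as tags
    tags = {k: other[k] for k in tag_keys if isinstance(other.get(k), str)}

    line = _escape(measurement, ", ")
    for key in sorted(tags):  # tags are stored sorted by key
        line += "," + _escape(key, ",= ") + "=" + _escape(tags[key], ",= ")
    line += " " + ",".join(_escape(k, ",= ") + "=" + repr(v) for k, v in numeric.items())
    if raw_ts is not None:
        # Epoch seconds with microsecond precision: multiply as Decimal so the
        # nanosecond timestamp is exact instead of rounding through a float
        line += " " + str(int(Decimal(str(raw_ts)) * 1_000_000_000))
    return line


def parse_log(text, measurement, tag_keys=()):
    """Parse a newline-delimited JSON log. Returns the line-protocol lines and a list
    of (line_number, reason) for every record that was skipped."""
    lines, skipped = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue
        try:
            record = json.loads(raw, parse_float=Decimal)  # keep ts at full precision
        except json.JSONDecodeError as exc:
            skipped.append((number, "invalid JSON: " + exc.msg))
            continue
        line = to_line_protocol(record, measurement, tag_keys)
        if line is None:
            skipped.append((number, "no numeric fields, point would be rejected"))
            continue
        lines.append(line)
    return lines, skipped


if __name__ == "__main__":
    out, dropped = parse_log(SAMPLE_LOG, "zeek_notice", tag_keys=("note", "proto", "id.orig_h"))
    print("\n".join(out))
    for number, reason in dropped:
        print(f"skipped line {number}: {reason}")
```

Run against the first sample record this keeps only the ports and suppress_for as fields, with note, proto and the source address as tags; the second record is dropped entirely because nothing in it is numeric. Choose tag keys deliberately: a low-cardinality value such as note or proto is a good tag, while uid, msg or the VirusTotal URL would create a new series per record and bloat the index.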