I am using Bunyan (https://www.npmjs.com/package/bunyan) as a logger for my Node JavaScript application, and the log output is in the format below:
{"name":"Product list page","hostname":"plist","pid":24,"level":30,"msg":"Time: 1537221680271","time":"2018-09-17T22:01:20.271Z","v":0}
{"name":"Product list page","hostname":"plist","pid":24,"level":30,"msg":"Cache flag is set to===> true","time":"2018-09-17T22:01:20.272Z","v":0}
{"name":"Product list page","hostname":"plist","pid":24,"level":30,"msg":"Response status---> 200","time":"2018-09-17T22:01:20.272Z","v":0}
The data gets to Logstash and then to Splunk. When I pull the data into Splunk, I see them as below (grouped together):
10:01:25.505 PM
{ [-]
@timestamp: 2018-08-17T22:01:25.505Z
LOGLEVEL: UNKNOWN
kubernetes: { [+]
}
log: {"name":"Product list page","hostname":"plist","pid":24,"level":30,"msg":"Time: 1537221680271","time":"2018-09-17T22:01:20.271Z","v":0}
{"name":"Product list page","hostname":"plist","pid":24,"level":30,"msg":"Cache flag is set to===> true","time":"2018-09-17T22:01:20.272Z","v":0}
{"name":"Product list page","hostname":"plist","pid":24,"level":30,"msg":"Response status---> 200","time":"2018-09-17T22:01:20.272Z","v":0}
tags: [ [+]
]
type: ms_Log
}
I want each log entry to appear separately in Splunk as below (even better if it can be formatted). Any inputs are appreciated.
@timestamp: 2018-09-17T22:01:20.271Z
LOGLEVEL: INFO
kubernetes: { [+]
}
log: {"name":"Product list page","hostname":"plist","pid":24,"level":30,"msg":"Time: 1537221680271","time":"2018-09-17T22:01:20.271Z","v":0}
tags: [ [+]
]
type: Microservice_Log
@timestamp: 2018-09-17T22:01:20.272Z
LOGLEVEL: INFO
kubernetes: { [+]
}
log: {"name":"Product list page","hostname":"plist","pid":24,"level":30,"msg":"Cache flag is set to===> true","time":"2018-09-17T22:01:20.272Z","v":0}
tags: [ [+]
]
type: Microservice_Log
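
The split asked for above, as an added example that is not part of the original post and is not Logstash or Splunk configuration: it turns one grouped event into one event per Bunyan record, taking `@timestamp` from the record's `time` and `LOGLEVEL` from its numeric `level`. It assumes the records inside `log` are newline-separated; `splitGroupedEvent` and the `parse_error` field are hypothetical names, and the sample event is constructed from the lines in the post.

```javascript
// Bunyan's numeric levels and their names.
const BUNYAN_LEVELS = { 10: 'TRACE', 20: 'DEBUG', 30: 'INFO', 40: 'WARN', 50: 'ERROR', 60: 'FATAL' };

// Takes one grouped event (shape as shown in the post) and returns an array
// with one event per line of its `log` field. A line that is not a JSON
// record is kept and flagged rather than dropped, so nothing silently
// disappears from the log trail.
function splitGroupedEvent(grouped) {
  const events = [];
  for (const line of String(grouped.log).split(/\r?\n/)) {
    if (line.trim() === '') continue;            // skip blank separators
    const event = { ...grouped, log: line };     // keep kubernetes, tags, type
    try {
      const rec = JSON.parse(line);
      if (rec === null || typeof rec !== 'object') throw new Error('not a record');
      event.LOGLEVEL = BUNYAN_LEVELS[rec.level] || 'UNKNOWN';
      // Prefer the record's own time; fall back to the shipper's timestamp.
      if (!Number.isNaN(Date.parse(rec.time))) event['@timestamp'] = rec.time;
    } catch (err) {
      event.LOGLEVEL = 'UNKNOWN';
      event.parse_error = true;                  // hypothetical marker field
    }
    events.push(event);
  }
  return events;
}

// Constructed sample: the grouped event from the post, reduced to the
// fields this example touches.
const sample = {
  '@timestamp': '2018-08-17T22:01:25.505Z',
  LOGLEVEL: 'UNKNOWN',
  type: 'ms_Log',
  log: [
    '{"name":"Product list page","hostname":"plist","pid":24,"level":30,"msg":"Time: 1537221680271","time":"2018-09-17T22:01:20.271Z","v":0}',
    '{"name":"Product list page","hostname":"plist","pid":24,"level":30,"msg":"Cache flag is set to===> true","time":"2018-09-17T22:01:20.272Z","v":0}',
    '{"name":"Product list page","hostname":"plist","pid":24,"level":30,"msg":"Response status---> 200","time":"2018-09-17T22:01:20.272Z","v":0}',
  ].join('\n'),
};

for (const e of splitGroupedEvent(sample)) {
  console.log(e['@timestamp'], e.LOGLEVEL, e.log);
}
```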