有关ELK logstash nginx日志问题？

打扰各位

 Mar 27 23:23:42 192.168.0.96 {"@timestamp": "2017-03-27T23:23:42+08:00","host":"192.168.0.95","clientip":"36.149.14.104","size":420,"responsetime":0.021,"upstreamtime":"0.021","upstreamhost":"192.168.0.209:80","http_host":"www.test.com","url":"/assistant/ass/im/friendinfo.json","xff":"-","referer":"-","agent":"/5.0.7 te; iOS 10.2.1; Scal

e/2.00)","status":"200"}
这是我通过Rsyslog把nginx json日志打到ELK的log。

NGINX配置如下：

 logformat json '{"@timestamp":"$time_iso8601",'
               '"@version":"1",'
               '"host":"$server_addr",'
               '"client":"$remote_addr",'
               '"size":$body_bytes_sent,'
               '"responsetime":$request_time,'
               '"domain":"$host",'
               '"url":"$uri",'
               '"status":"$status"}';
access_log /var/log/nginx/access.log_json json;

然后logstash 配置:

 filter {
    json {
        source => "message"
        target => "jsoncontent"
    }
}

按道理能output出message的格式化字段啊，为什么我依旧是输出整条message？