Add filed inside of array

Hi,

I've run into situation that we need to insert new filed into json array, let say for instance:

json

alert:[
{attrib1:"something",attrib2:"something"},
{attrib1:"somethingddd",attrib2:"somethingsss"},
{attrib1:"somethingddd",attrib2:"somethingdd"}

]

Problem is that I have variable number of json array entries.
So question is, how to address all array entries ( don't know size in advance), and add field in logstash (mutate or something else)

so after calling add_field => I want that my json looks like:

alert:[
{newfield:"",attrib1:"something",attrib2:"something"},
{newfield:"",attrib1:"somethingddd",attrib2:"somethingsss"},
{newfield:"",attrib1:"somethingddd",attrib2:"somethingdd"}
]

Also is there anyway to detect that nested json is array, in a case I getting two kinds of json like:

alert:{}
alert:[{},{},{}]

Thanks in advance
Dubravko

Hi,

Looks like I've resolved my problems by using ruby:

 ruby {
            code => "event['keep']=(event['alert']).kind_of?(Array)"
    }

  if !([keep]) {
            drop {}
        }
 ruby{
            code => "i=0
                     size=event['alert'].length
                     while i < size  do
                         event['alert'][i]['explanation']['malware-detected']['malware']['collected']= false
                         event['alert'][i]['explanation']['malware-detected']['malware']['analyzed']= false
                         event['alert'][i]['explanation']['malware-detected']['malware']['malware_confirmed']= false
                         event['alert'][i]['explanation']['malware-detected']['malware']['scan_results']= {}
                         i+=1
                     end"
                      }

And everything looks ok, even result is ok, I'm still getting exception below, look like bug or something?
[root@centos-dev bin]# ./logstash -f /root/first_pipeline.conf
Settings: Default pipeline workers: 2
Pipeline main started
Ruby exception occurred: can't convert String into Integer {:level=>:error}

Thanks
Dubravko