Create new document from extracted fields

earthpatipon · November 5, 2019, 5:14am

Hi there,

Here is my log structure that comes directly from a service.

PUT my_index/_doc/1
{
    "user": [
    {
      "firstName": "Tim",
      "lastName": "Cook"
    },
    {
      "firstName": "Bill",
      "lastName": "Gates"
    }
    ]
}

I want to extract each index in user array and create new documents for them.
So it would be something like,

PUT my_index/_doc/1
{
  "user": {
      "firstName": "Tim",
      "lastName": "Cook"
    }
}

PUT my_index/_doc/2
{
  "user": {
      "firstName": "Bill",
      "lastName": "Gates"
    }
}

My question is how to do so? use ingest pipeline node? Please give me some idea

Christian_Dahlqvist · November 5, 2019, 5:25am

As far as I know ingest pipelines can not generate additional documents, so you may need to use a split filter in Logstash.

system · December 3, 2019, 5:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.