Distinguish json pattern and send it to specific index

hjsjar · July 21, 2019, 9:10pm

hi everyone

I have a logstash container querying data from a mysql table called events. The mysql table contains a json field that can contain different data structures, i need to identify when an event contains certain structure and send the event to the corresponding index so that every index contains all the events that follow the same json structure.

Im using the jdbc input plugin to read data from mysql and the elasticsearch output plugin to index the events.

here is an example of the different json structures you can find in the json field of the events table (i know all the different structures that can happen)

{"id":"5320","time":"1547749347","data":"27"}

{"id":"5320","time":"1547917026","data":[{"type":"1","value":"33.30"}]}

{"time":"1563742800.0","data":[{"id":"14050","type":"1","unit":"1","value":"31.7","message":"0b01000011100110000110110011001101"}]}

I have tried some filters but i couldn't find any suitable solution for this

help me

Badger · July 21, 2019, 10:40pm

Perhaps something like

    if [data][0][message] {
        mutate { add_field => { "targetIndex" => "foo" } }
    } else if [data][0][value] {
        mutate { add_field => { "targetIndex" => "bar" } }
    } else {
        mutate { add_field => { "targetIndex" => "baz" } }
    }

system · August 18, 2019, 10:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JSON Index Error: same field names different datatypes Elasticsearch	5	921	June 12, 2017
MySQL > JDBC > Logstash > Elastic Logstash	3	1055	June 13, 2017
Import JSON String data as a Flat table Logstash	5	521	July 18, 2019
Extract some data from an event and send it to a different index Logstash	3	336	December 3, 2018
Indexing structured documents using Logstash JDBC plugin Logstash	4	1684	July 6, 2017

Distinguish json pattern and send it to specific index

Related topics