Extract json array using logstash to elasticsearch

I am trying to extract the following json to elasticsearch using logstash

{
  "times_submitted": 6,
  "name": "task1",
  "sub_names": ["rescan", "that.doc", "c:\\sorted\\files\\file1.exe"],
  "tree": {
    "child1": "abc",
    "child2": {
      "grandchild1": "def",
      "grandchild2": "ghi"
    }
  }
}

I have created a template for this json in elasticsearch. I am able to capture all of the fields from this json except for "sub_names". The format of its contents in elasticsearch shows up as
"sub_names": """rescan,that.doc,c:\sorted\files\file1.exe"""

How do I carry over the sub_names field as an array to elasticsearch?
How do I capture the tree fields into elasticsearch?

In my logstash filter I have the following:

filter {
  # Parse the JSON document held in the message field
  json {
    source => "message"
    target => "message"
  }

  # Second json pass over the nested tree field
  json {
    source => "[message][tree]"
    target => "[message][tree]"
  }

  # Copy the parsed values under [task] via sprintf references
  mutate {
    add_field => {
      "[task][times_submitted]" => "%{[message][times_submitted]}"
      "[task][name]" => "%{[message][name]}"
      "[task][sub_names]" => "%{[message][sub_names]}"
      "[task][tree]" => "%{[message][tree]}"
    }
  }
}

Thanks for helping.

By using mutate {rename => {"[message][sub_names]" => "[task][sub_names]"}}, I got sub_names populated in elasticsearch as expected.

While trying the same technique for extracting the tree information, I get an error stating type = illegal_state_exception, reason = Can't get text on a START_OBJECT at 1:373

"tree": {
  "child1": "abc",
  "child2": {
    "grandchild1": "def",
    "grandchild2": "ghi"
  }
}

Need some pointers to extract the tree information. Appreciate your help.
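
A pipeline sketch that keeps both fields structured, added here as an example and not taken from any post in this thread. It applies the rename approach reported above to every field, and assumes the START_OBJECT error comes from the index template mapping tree as a string type (an assumption, since the thread does not show the template).

```logstash
filter {
  # Parse the raw JSON once. Nested objects and arrays are already
  # decoded after this step, so tree needs no second json filter.
  json {
    source => "message"
    target => "message"
  }

  mutate {
    # rename moves each value as-is: arrays stay arrays and objects stay
    # objects. add_field with "%{...}" interpolates them into a string.
    rename => {
      "[message][times_submitted]" => "[task][times_submitted]"
      "[message][name]"            => "[task][name]"
      "[message][sub_names]"       => "[task][sub_names]"
      "[message][tree]"            => "[task][tree]"
    }
  }
}
```

With this filter, task.tree reaches Elasticsearch as an object, so a template that declares it as text or keyword will still reject the document. The template has to leave task.tree unmapped or declare child1 and child2 with its grandchildren under properties.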
