Hi all, i have a log in json format:
[{"id":"917066d5-5244-42e1-9343-49ccefe5b8cb","name":"data1","dataamount":1024000,"notification":0}]
And I want to transform in this:
id:917066d5-5244-42e1-9343-49ccefe5b8cb
name: data1
dataamount:102400
notification: 0
The porpouse is see this in kibana.
Thanks in advance.
I suspect you won't be able to use the json or json_lines codecs since it's an array, but you can use a json filter to deserialize the JSON string. Then use a mutate filter to rename (move) the fields into the top level of the event.
thanks magnus, but i want a way to transform this log by with out using the names of each json value, there is a way to do that?, the reason is that i have to many differents json formats in my logs, for example
one:
[{"id":"917066d5-5244-42e1-9343-49ccefe5b8cb","name":"data1","dataamount":1024000,"notification":0}]
two:
[{"id":"917066d5-5244-42e1-9343-49ccefe5b8cb","name":"data1","dataamount":1024000,"notification":0}"field3":120012,"field4":wwa]
three:
[{"id":"917066d5-5244-42e1-9343-49ccefe5b8cb","name":"data1","dataamount":1024000,"notification":0}"field3":120012,"field4":wwa,"field5":45454]
And many other variations, is posible to use a general filter that apply to all this logs? Or I have to use a differente filter to each one.
thanks
You can use a ruby filter to copy/move fields with dynamic names. Examples of how to do that have been posted here in the past.
Magnus could you giveme an example please? or some criteria to search, I try to find examples, but with out luck.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.