Help parsing nested JSON with dynamic top key

thesilence · February 5, 2016, 1:41pm

Hi everyone,

I am looking for help to tackle a fairly difficult problem for an unexperienced logstash user.

I have an application that pushes JSON messages to redis.

The message format is the following:
http://pastebin.com/gRyRAejb

I need to insert the contents of each message in ElasticSearch, but I want to get rid of the top level key (in the example called 'DYNAMIC_TOP_KEY', so I only want the values inside.

I don't really know how to perform this operation in logstash filters. I also cannot access the fields below as I don't know how to capture the top level key.

For example if I want to delete the "msg_name", how should I do that?

Thanks a lot for the help in advance!

magnusbaeck · February 6, 2016, 2:50pm

You'll have to use the ruby filter to copy key/value pairs of nested fields into the top level. This appears to work:

filter {
  ruby {
    code => "
      event.to_hash.clone.each_value{|v|
        if v.is_a? Hash
          v.each_pair{|k,v|
            event[k] = v
          }
        end
      }
    "
  }
}

Topic		Replies	Views
Parsing json objects with dynamic key Logstash	3	2206	June 20, 2018
Extract field from json to the top-level Logstash	3	1547	June 2, 2017
Parsing nested JSON with dynamic key Logstash	3	1000	April 19, 2019
Using Ruby to rename and flatten dynamic json input Logstash	2	550	July 17, 2021
Nested JSON parsing in dynamic field names Logstash	2	2679	July 16, 2018

Help parsing nested JSON with dynamic top key

Related topics