Help with nested fields

Elastic Stack Logstash
1

Hi, I searched the forums with no success, hope someone can help me. I have a CSV from a feedback system, that gives me a CSV like this:

Field1; Field2; Field3; Field4;
Value1; Val2-1,Val2-2; Val3; Val4-1, Val4-2, Val4-3
Value1; Val2-1; Val3-1, Val3-2; Val4-1, Val4-2, Val4-3

Basically:
FieldX are my headers, fixed.
The values are separated with ";" and inside each value may appear more than one value, separated by ",".
In the first line of the example, Field2 has two values and only one in the following line.
In the second row Field4 contains 3 values as in the first line.

I would like to obtain a structured data set, to be able to query/group for single values inside the fields:

{
 "Field1": "Value1",
 "Field2": [ "Val2-1", "Val2-2"],
 "Field3": ...
}

Think about F2 as Countries, F3 as Interests and so on. Multiple choices in the form.
Hope I was clear enough.
Thank you

2

You can use a CsvFilter

filter {
csv {
add_field => {
"field1" => "Hello world, from %{host}"
"field2" => "new_static_value"
}
}
}

Also You can remove the used columns using remove_field after you have created these new fields

3

Wow, it was easier than I thought! Logstash packs a lot of power.
You just need to CSV input the "main" fields (FieldX), then for those fields who can contain multiple values just use Split as
mutate {
split => [ "Field1", ","]
}

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.