Hi there
I elaborate my issue with an instance:
Imagine bellow log (The field "events" is an array , there are more fields in the log but I ignore them to write and just wrote down the field "events")
"events": [
{
"Level": "Error",
"MessageTemplate": "Error In {BehaviorName}{CurrentEvent}{ContractId}",
"Exception": "System.ApplicationException",
"Properties": {
"ProcessName": "CRM",
"CurrentEvent": "DSLAM",
"SourceContext": "Workflow",
"MachineName": "Machine1",
"ContractId": 0052986,
"BehaviorName": "Port",
"ThreadId": 44,
"Source": "NOC"
},
"Timestamp": "2021-04-27T10:58:51.9752113"
}
],
My problem is, all the contents like "ProcessName":"CRM" , "Source":"NOC" , "BehaviorName":"Port" and... they're index 0 of the list "events". all of them are in [0]
But something like the bellow log:
"root": {
"ThreadId": 1,
"ApplicationName": "Shift",
"ProcessId": 1,
"ProcessName": "dotnet",
"MachineName": "My_Machine"
}
The second one is a dictionary (for example I can say : "root.ProcessId")
Here's the deal, I want to make a filter in Logstash to convert the Array into field. I mean every content of "events[0]" consider as fields (or maybe like the second log, as a dictionary).
In short. I want the first log like bellow:
"events":
{
"Level": "Error",
"MessageTemplate": "Error In {BehaviorName}{CurrentEvent}{ContractId}",
"Exception": "System.ApplicationException",
"Properties": {
"ProcessName": "CRM",
"CurrentEvent": "DSLAM",
"SourceContext": "Workflow",
"MachineName": "Machine1",
"ContractId": 0052986,
"BehaviorName": "Port",
"ThreadId": 44,
"Source": "NOC"
},
"Timestamp": "2021-04-27T10:58:51.9752113"
}
So I can say for example: "events.Properties.ProcessName"
I hope I was able to explain what I meant
Thanks in advance