How to create multiple events in logstash to push multiple request in elasticsearch

ajit · October 12, 2017, 1:22pm

I have logstash configuration. I want to take data from one event manipulate the data and create multiple events and push that events to elasticsearch.
e.g.
{
"activity" : "meeting",
"clientName" : "ABC/XYZ/LMN"
"Duration" : 60
}

above example shows my original event message.
But I want to divide that message into three json objects (events) like below:
{
"activity" : "meeting",
"clientName" : "ABC"
"Duration" : 20
},
{
"activity" : "meeting",
"clientName" : "XYZ"
"Duration" : 20
},
{
"activity" : "meeting",
"clientName" : "LMN"
"Duration" : 20
}

paz · October 12, 2017, 1:36pm

A decent solution would be the split filter along with some custom Ruby code most likely, especially if you want to do field manipulation like your duration example.

Example:

filter {
    ruby {
        code => "
            event.set('clientName', event.get('clientName').split('/'))
            event.set('Duration', event.get('Duration').to_i / event.get('clientName').length)
        "
    }
    split {
        field => "clientName"
    }
}

system · November 9, 2017, 1:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Split event into multiple different messages Logstash	5	1839	July 27, 2018
Splitting multiple arrays in Logstash to create multi events Logstash	4	1727	July 29, 2019
Best way to split json input to multiple events for elasticsearch Logstash	3	1694	July 6, 2017
Split an event into multiple events Logstash	2	786	August 28, 2017
Proper way to create new event from Logstash Ruby filter Logstash	4	3516	June 9, 2020

How to create multiple events in logstash to push multiple request in elasticsearch

Related topics