How to create multiple events in logstash to push multiple request in elasticsearch

ajit · October 12, 2017, 1:22pm

I have logstash configuration. I want to take data from one event manipulate the data and create multiple events and push that events to elasticsearch.
e.g.
{
"activity" : "meeting",
"clientName" : "ABC/XYZ/LMN"
"Duration" : 60
}

above example shows my original event message.
But I want to divide that message into three json objects (events) like below:
{
"activity" : "meeting",
"clientName" : "ABC"
"Duration" : 20
},
{
"activity" : "meeting",
"clientName" : "XYZ"
"Duration" : 20
},
{
"activity" : "meeting",
"clientName" : "LMN"
"Duration" : 20
}

paz · October 12, 2017, 1:36pm

A decent solution would be the split filter along with some custom Ruby code most likely, especially if you want to do field manipulation like your duration example.

Example:

filter {
    ruby {
        code => "
            event.set('clientName', event.get('clientName').split('/'))
            event.set('Duration', event.get('Duration').to_i / event.get('clientName').length)
        "
    }
    split {
        field => "clientName"
    }
}

Topic		Replies	Views
Logstash split log and insert it separately into elasticsearch Logstash	2	407	July 31, 2021
Best way to split json input to multiple events for elasticsearch Logstash	3	1743	July 6, 2017
Seperate multiple events in input into seperate documents in elasticsearch index Logstash	1	297	January 17, 2019
Split event into multiple different messages Logstash	5	2075	July 27, 2018
Transforming data array to multiple event copies Logstash	3	354	December 13, 2019

How to create multiple events in logstash to push multiple request in elasticsearch

Related topics