How to filter single line json?

jeromeat · February 4, 2022, 12:16am

I am trying to figure out how to filter this single line of json data I have been able to pull via http_poller. I've obfuscated the data, but this is the format it's coming in as. I've never utilized a filter before, so I'm not sure how to go about this. Any help would be appreciated.

{"products":[{"test_level":"Green","title":"Testing Title one","executive_summary":"Test Executive summary","updated_at":"2018-10-15T17:50:28.000Z","threat_level":0,"serial":"Test-2020-01","test_count":0,"tags":[{"text":"Test Distribution","tag_type":"Testing"},{"text":"United States","tag_type":"GeographicLocation"},{"text":"Testing Location","tag_type":"Industry"}],"release_date":"2020-04-21T04:00:00.000Z","type":"Report Special","report_link":"https://portal.website.test/api/v1"},{"test_level":"Green","title":"Testing Title one","executive_summary":"Test Executive summary","updated_at":"2018-10-15T17:50:28.000Z","threat_level":0,"serial":"Test-2020-01","test_count":0,"tags":[{"text":"Test Distribution","tag_type":"Testing"},{"text":"United States","tag_type":"GeographicLocation"},{"text":"Testing Location","tag_type":"Industry"}],"release_date":"2020-04-21T04:00:00.000Z","type":"Report Special","report_link":"https://portal.website.test/api/v1"},{"test_level":"Green","title":"Testing Title one","executive_summary":"Test Executive summary","updated_at":"2018-10-15T17:50:28.000Z","threat_level":0,"serial":"Test-2020-01","test_count":0,"tags":[{"text":"Test Distribution","tag_type":"Testing"},{"text":"United States","tag_type":"GeographicLocation"},{"text":"Testing Location","tag_type":"Industry"}],"release_date":"2020-04-21T04:00:00.000Z","type":"Report Special","report_link":"https://portal.website.test/api/v1"},{"test_level":"Green","title":"Testing Title one","executive_summary":"Test Executive summary","updated_at":"2018-10-15T17:50:28.000Z","threat_level":0,"serial":"Test-2020-01","test_count":0,"tags":[{"text":"Test Distribution","tag_type":"Testing"},{"text":"United States","tag_type":"GeographicLocation"},{"text":"Testing Location","tag_type":"Industry"}],"release_date":"2020-04-21T04:00:00.000Z","type":"Report Special","report_link":"https://portal.website.test/api/v1"},```

Badger · February 4, 2022, 1:35am

Aren't you using a json codec on your http_poller input?

jeromeat · February 4, 2022, 1:57am

Yes I am. However, it’s parsing the one line as one line.

Badger · February 4, 2022, 2:42am

Use a json filter. You may need to use mutate+gsub to clean up the end of the [message] field before doing so.

jeromeat · February 8, 2022, 5:21pm

I fixed it using the following:

filter {
  split { field => "[products]" }
  split { field => "[products][code_level]" } 
   
}```

system · March 8, 2022, 5:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JSON research and filter in array Kibana	6	4456	July 6, 2017
How to filter nested JSON Data in Logstash Logstash	9	1869	August 7, 2018
Filter JSON Array Using Logstash Logstash	2	496	March 25, 2022
Utilize Data Parsed From Nested JSON Logstash	6	442	February 26, 2020
How to filter object,float,string datatype values coming from single variable Logstash	5	1317	July 6, 2017

How to filter single line json?

Related topics