I have a JSON log; the format is:
{
  "data": [
    {
      "Name": "a1 name",
      "Age": "a1 age",
      "School": [
        {
          "s1": "s1-value1",
          "s2": "s2-value1"
        }
      ],
      "Work": [
        {
          "w1": "w1-value1",
          "w2": "w2-value1"
        }
      ]
    },
    {
      "Name": "a2 name",
      "Age": "a2 age",
      "School": [ ],
      "Work": [ ]
    },
    {
      "Name": "a3 name",
      "Age": "a3 age",
      "School": [ ],
      "Work": [ ]
    }
  ]
}
I want to split the field "data", and also, if the fields "School" and "Work" have values set
in them, I need to split the "School" and "Work" fields to get the data.School.s1,
data.School.s2, data.Work.w1, data.Work.w2 values. Now my issue is, when
I set the config file as follows:
filter {
  if ([data]) {
    split {
      field => "data"
    }
  }
  if ([data][School]) {
    split {
      field => "data[School]"
    }
  }
  if ([data][Work]) {
    split {
      field => "data[Work]"
    }
  }
}
The output is that only the first data array element's values get into Logstash; the other records, with no values set for Work[] or School[], do not enter Logstash.
How can I get all the data into Logstash, both for records with values and for records with no values in Work[] or School[]?
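The behaviour described in the post, as an added Python model that is not part of the original post and is not Logstash code: it replays the three split stages over the post's sample, first with a guard that only checks the field exists, then with a guard that also requires a non-empty array. It assumes that an empty array satisfies the post's `if` conditions and that split emits one event per array element and then cancels the original; the function names `get`, `split` and `run` are hypothetical.

```python
import copy

# Simplified model (assumption): helper names are illustrative, not Logstash APIs.
# Constructed sample: the post's log with its placeholder values, structure repaired.
SAMPLE = {"data": [
    {"Name": "a1 name", "Age": "a1 age",
     "School": [{"s1": "s1-value1", "s2": "s2-value1"}],
     "Work": [{"w1": "w1-value1", "w2": "w2-value1"}]},
    {"Name": "a2 name", "Age": "a2 age", "School": [], "Work": []},
    {"Name": "a3 name", "Age": "a3 age", "School": [], "Work": []},
]}

def get(event, path):
    """Return the value at a nested path, or None if any key is missing."""
    for key in path:
        if not isinstance(event, dict) or key not in event:
            return None
        event = event[key]
    return event

def split(event, path):
    """Model of the split filter: one clone per array element, original cancelled.
    An empty array yields no clones, so the event disappears."""
    out = []
    for item in get(event, path):
        clone = copy.deepcopy(event)
        parent = get(clone, path[:-1])
        parent[path[-1]] = item
        out.append(clone)
    return out

def run(events, stages, guard):
    """Apply each split stage only to events whose field value passes guard()."""
    for path in stages:
        nxt = []
        for ev in events:
            nxt.extend(split(ev, path) if guard(get(ev, path)) else [ev])
        events = nxt
    return events

STAGES = [("data",), ("data", "School"), ("data", "Work")]
# Guard as in the post: the field exists (an empty array still passes).
naive = run([SAMPLE], STAGES, lambda v: v is not None)
# Guard that also requires at least one element before splitting.
guarded = run([SAMPLE], STAGES, lambda v: isinstance(v, list) and len(v) > 0)

if __name__ == "__main__":
    print(len(naive), [e["data"]["Name"] for e in naive])
    print(len(guarded), [e["data"]["Name"] for e in guarded])
```

With the existence-only guard, only the "a1 name" record survives; with the non-empty guard, all three records come through and the empty School and Work arrays are left in place.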