How to split array field in json and send it as separate event

uma_rengasamy · September 5, 2019, 10:45am

Please find the debug o/p , We want each logEvents as separate event in kibana, since logEvents will be huge in count and it takes time to load in kibana

{
"logEvents" => [
[ 0] {
"message" =>
"id" =>
"timestamp" =>
"extractedFields" =>
"dstport" =>
"bytes" =>
"srcport" =>
"version" =>
"log_status" =>
"action" =>
"packets" =>
"protocol" =>
"end" =>
"account_id" =>
"interface_id" =>
"start" =>
"srcadent" =>
"dstadent" =>
}
},
[ 1] {
"message" =>
"id" =>
"timestamp" =>
"extractedFields" =>
"dstport" =>
"bytes" =>
"srcport" =>
"version" =>
"log_status" =>
"action" =>
"packets" =>
"protocol" =>
"end" =>
"account_id" =>
"interface_id" =>
"start" =>
"srcadent" =>
"dstadent" =>
}
},
"messageType" => "",
"@version" => "1",
"@timestamp" => 2019-09-05T07:42:13.612Z,
"subscriptionFilters" => [
[0] "vpc"
],
"logGroup" => "",
"s3Path" => "",
"owner" => "",
"logStream" => ""
"type" => ""
}

Badger · September 5, 2019, 11:57am

Use a split filter.

uma_rengasamy · September 5, 2019, 12:13pm

It didn't work. No events were shipped to ES , when we use "split"

system · October 3, 2019, 12:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.