How to split string into array of objects using logstash?

Elastic Stack Logstash
1

Hello,

I'm trying to save some Java stacktrace data into Elasticsearch using Logstash.

Each event contains a multiline string like:
"exception1: Exception Message 1
exception2: Exception Message 2
exception3: Exception Message 3"

I want to save this into Elasticsearch as an array of objects like:
stacktrace_exceptions: [{name: "exception 1", message: "Exception Message 1", {name: "exception 2", message: "Exception Message 2", ...}

So far I've managed to save the stacktrace into two different arrays using mutate split, like:
exception_names: ["exception 1", "exception 2", ...]
exception_messages: ["Exception Message 1", "Exception Message 2", ...]

But I'd like to save it as a single array of objects.

Is this possible?

2

I can't think how to do that, but if a hash will do then.

    mutate { split => { "message" => "
" } }
    kv { value_split => ":"  field_split => "&" source => "message" target => "exceptionsHash" }

will return

"exceptionsHash" => {
    "exception3" => "Exception Message 3",
    "exception2" => "Exception Message 2",
    "exception1" => "Exception Message 1"
},
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.