How to split string into array of objects using logstash?

stevefai · June 11, 2018, 1:30pm

Hello,

I'm trying to save some Java stacktrace data into Elasticsearch using Logstash.

Each event contains a multiline string like:
"exception1: Exception Message 1
exception2: Exception Message 2
exception3: Exception Message 3"

I want to save this into Elasticsearch as an array of objects like:
stacktrace_exceptions: [{name: "exception 1", message: "Exception Message 1", {name: "exception 2", message: "Exception Message 2", ...}

So far I've managed to save the stacktrace into two different arrays using mutate split, like:
exception_names: ["exception 1", "exception 2", ...]
exception_messages: ["Exception Message 1", "Exception Message 2", ...]

But I'd like to save it as a single array of objects.

Is this possible?

Badger · June 11, 2018, 1:48pm

I can't think how to do that, but if a hash will do then.

    mutate { split => { "message" => "
" } }
    kv { value_split => ":"  field_split => "&" source => "message" target => "exceptionsHash" }

will return

"exceptionsHash" => {
    "exception3" => "Exception Message 3",
    "exception2" => "Exception Message 2",
    "exception1" => "Exception Message 1"
},

system · July 9, 2018, 1:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Splitting an array of objects using Logstash Logstash	3	122	January 8, 2024
Split string into array and then into key value pairs Logstash	3	1898	March 18, 2021
Split single object in array to multiple? Logstash	1	162	October 12, 2022
Creating Array in Logstash Logstash	4	4801	August 17, 2017
Split string into array Logstash	11	9991	April 6, 2018

How to split string into array of objects using logstash?

Related topics