I would like to access nested data from an array

jsvd · January 17, 2017, 1:29pm

I think the major issue here is that the source application is sending essentially a hash in array form.
If the counters element was:

"counters": {
  "n_lost_packets": 0,
  "n_sent_bytes": 130852808
}

instead of:

"counters": [
  {
    "name": "n_lost_packets",
    "value": 0
  },
  {
    "name": "n_sent_bytes",
    "value": 130852808
  }
]

it would be simpler. If you want to programatically you need ruby filter since, in your case each hash contains a key under "key" and a value under "value", but it could be something else, also there can be duplicates, some elements may only contain key or value (errors happen), etc

in your case, to iterate over counters and set each property on event, you can do:

filter { ruby { code => "event.get('counters').each {|hash| event.set(hash['key'] = hash['value']) }" } }

(this code wasn't tested)

Topic		Replies	Views
Logstash:event api to get nested fields with attribute values in ruby filter Logstash	2	1137	May 7, 2021
Using filters on nested fields Logstash	4	376	March 3, 2017
Access nested logstash event key in ruby Logstash	2	1388	March 7, 2019
Create an array from a nested XML field Logstash	4	1586	July 6, 2017
Logstash nested array parsing Logstash	3	1276	July 18, 2017

I would like to access nested data from an array

Related topics