I think the major issue here is that the source application is sending essentially a hash in array form.
If the counters element was:
"counters": {
"n_lost_packets": 0,
"n_sent_bytes": 130852808
}
instead of:
"counters": [
{
"name": "n_lost_packets",
"value": 0
},
{
"name": "n_sent_bytes",
"value": 130852808
}
]
it would be simpler. If you want to programatically you need ruby filter since, in your case each hash contains a key under "key" and a value under "value", but it could be something else, also there can be duplicates, some elements may only contain key or value (errors happen), etc
in your case, to iterate over counters and set each property on event, you can do:
filter { ruby { code => "event.get('counters').each {|hash| event.set(hash['key'] = hash['value']) }" } }
(this code wasn't tested)