Logstash data formatting help

capaneus · August 22, 2017, 12:21am

Hi,
I know this is very basic newbee question, but I hope can get some of your time to shed me some light on this.

Now I have structured json data after a few filters:
filter {
json {
source => "message"
}

	split {
		field => "@message"
	}
}

The data look like this:
{
"@message": {
"field name 1": "field data"
"field name 2": {
"field name 3": "field data",
"field name 4": "field data",
...
}
...
},
"@tags": [
"tag 1", "tag 2" ],
"@timestamp": "2017-08-21T23:37:47.244Z",
"@version": "1",
...
}

I wish to flattern a bit the data to something like this:
{
"field name 1": "field data",
"field name 2": "field data",
"field name 3": "field data",
"field name 4": "field data",
...
"@tags": [
"tag 1", "tag 2" ],
"@timestamp": "2017-08-21T23:37:47.244Z",
"@version": "1"
}
and take only the fields I'm interested. Would it be possible to show me how it can be achieved? Checked all the plugins but couldn't find something matching.

Thanks!

capaneus · August 23, 2017, 10:57am

Managed to solve the problem, a piece of ruby code will help:
filter {
split {
field => "@message"
}
ruby {

        code => "
            obj = event.get('@message')
			if obj.is_a?Hash
				obj.each {|k,v|
					event.set(k, v)
				}
			end
        "
    }
}

system · September 20, 2017, 10:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Flatten JSON array (Simple, but I don't know ruby) Please help! Logstash	2	479	August 6, 2018
How to flatten the json, not working with previous post Logstash	7	1633	April 5, 2020
Parsing nested json logs iin logstash Logstash	7	1060	July 7, 2017
Need help flatten json object in logstash filter Logstash	1	1242	February 13, 2017
Nested array of Json Logstash	2	318	April 12, 2018

Logstash data formatting help

Related topics