Use a split filter to create a new event for each entry in the array:

    split { field => "[fruits][fruit]" }

then use mutate+add_field to move the items in the array entry to the top level using (or possibly use a ruby filter), then use mutate+remove_field to delete [fruits].
In the output section use a sprintf reference ("%{id}") for the value of the document_id option on the elasticsearch output.

@babuzrb To create [diffs] you could use this:

    ruby {
        code => '
            d = ""
            for i in event.get("start").to_i .. event.get("end").to_i
                d += "#{i},"
            end
            event.set("diffs", d.chop)
        '
    }

I am sure there is some much prettier Ruby idiom that would work just as well.
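
The split, move-to-top-level, remove and document_id steps from the first reply, put together as one pipeline. This is an added example, not part of the original posts; it uses the ruby filter variant, and the sample event shape, the `name` key, the tag names, the host and the index name are assumptions.

```logstash
# Constructed sample input (assumed shape):
# { "fruits": { "fruit": [ { "id": "1", "name": "apple" },
#                          { "id": "2", "name": "pear"  } ] } }
filter {
  # One event per array entry; afterwards [fruits][fruit] holds a single hash.
  split { field => "[fruits][fruit]" }

  # Copy every key of that entry to the top level, so the keys do not
  # have to be listed one by one in mutate+add_field.
  ruby {
    code => '
      item = event.get("[fruits][fruit]")
      if item.is_a?(Hash)
        item.each do |k, v|
          # Do not let input data overwrite reserved fields such as
          # @timestamp, @version or @metadata.
          next if k.start_with?("@")
          event.set(k, v)
        end
      else
        # Entry was a scalar or missing: mark it instead of failing silently.
        event.tag("_fruit_not_a_hash")
      end
    '
  }

  mutate { remove_field => [ "fruits" ] }
}

output {
  if [id] {
    elasticsearch {
      hosts => ["http://localhost:9200"]   # assumed
      index => "fruits"                     # assumed
      document_id => "%{id}"
    }
  } else {
    # Without an id the sprintf reference stays as the literal text "%{id}",
    # so every such event would overwrite the same document. Inspect instead.
    stdout { codec => rubydebug }
  }
}
```

Because the document id is taken from the data, re-running the same input updates the existing documents rather than creating duplicates.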