Loop through json arrays

hiba · May 13, 2020, 12:56am

Hi,
My JSON file looks like this :
{
"bookings": [
{
"bookingId": 553267,
"bookingRef": "VO20200108460",
"statusId": 1,
"status": "Confirmed",
"rooms": [
{
"board": "Demi pension",
"paxes": {
"adults": 2,
"infant": 0,
"children": 0
},
"quantity": 1,
"room": "DOUBLE"
},
{
"board": "Demi pension",
"paxes": {
"adults": 1,
"infant": 0,
"children": 0
},
"quantity": 1,
"room": "SINGLE"
}
],
"options": } }

How do I loop through all rooms.
my config file in logstash :

input {
http_poller {
urls => {
url => "XXX"
}
request_timeout => 60
schedule => { every => "60s" }
codec => "json"
}
}
filter {
split { field => "[bookings]" }
split { field => "[bookings][rooms]" }
mutate {
rename => {
"[bookings][bookingId]" => "bookingId"
"[bookings][status]" => "status"
"[bookings][hotelId]" => "hotelId"
"[bookings][hotelName]" => "hotelName"
"[bookings][hotelCity]" => "hotelCity"
"[bookings][hotelCountry]" => "hotelCountry"
"[bookings][arrDate]" => "arrDate"
"[bookings][depDate]" => "depDate"
"[bookings][price]" => "price"
"[bookings][currency]" => "currency"
"[bookings][purchasePrice]" => "purchasePrice"
"[bookings][partnerName]" => "partnerName"
"[bookings][partnerId]" => "partnerId"
"[bookings][firstName]" => "firstName"
"[bookings][lastName]" => "lastName"
"[bookings][channel]" => "channel"
"[bookings][supplierName]" => "supplierName"
"[bookings][rooms][board]" => "board"
"[bookings][rooms][paxes][adults]" => "adults"
"[bookings][rooms][paxes][infant]" => "infant"
"[bookings][rooms][paxes][children]" => "children"
"[bookings][rooms][quantity]" => "quantity"
"[bookings][rooms][room]" => "room"
}
remove_field => ["confirmedDate", "bookingRef", "bookings", "createdDate", "hotelAddress", "hotelPhonearrDate", "customerId", "title", "email", "city", "mobile", "supplierId","paxe", "payments", "options", "isXML"]
}
}
output {
elasticsearch {
hosts => "localhost:9200"
index => "bookings"
action => "update"
doc_as_upsert => "true"
document_id => "%{bookingId}"
}
stdout { codec => rubydebug }
}

Any help please !

Badger · May 13, 2020, 2:36pm

What do you not like about the resulting output?

hiba · May 14, 2020, 1:10pm

i can't have all the data :

in the document above there is no double room

{
"board": "Demi pension",
"paxes": {
"adults": 2,
"infant": 0,
"children": 0
},
"quantity": 1,
"room": "DOUBLE"
},

Badger · May 14, 2020, 2:35pm

You have a split filter that is splitting "[bookings][rooms]", so you will only have one room per document.

hiba · May 14, 2020, 4:24pm

what can i do to have all the rooms per document !?

Badger · May 14, 2020, 5:00pm

Remove the second split filter:

# split { field => "[bookings][rooms]" }

hiba · May 15, 2020, 2:00pm

it displays no rooms

Badger · May 15, 2020, 3:09pm

That is because you remove the bookings field. Change your mutate+rename to include

"[bookings][rooms]" => "rooms"

hiba · May 15, 2020, 9:51pm

it's work..
but I can't do aggregation on the field rooms .....
i need this field rooms to build my dashboards.....

Badger · May 15, 2020, 10:00pm

OK, let's backtrack. If you go back to your original configuration, if a booking has multiple rooms, then when you do the split on [bookings][rooms] you will get multiple events with the same [booking_id]. In your elasticsearch filter you are using

document_id => "%{bookingId}"

so it will update the document by overwriting the first room with the second room. If you want multiple documents for the same booking id then remove that.

system · June 12, 2020, 10:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.