filter {
split {
field => "[parent][childArray]"
}
}
Output : None, it's stuck in the splitting, I added a if childArray !=[] in case I had parent with no child, but it doesn't help much. No error message with output rubydebug.
I've only managed to make this work if the parent only has 1 child, but the moment I have multiple child, the filter doesn't work.
We cannot help you if you do not tell us what you are doing. That "JSON" is not valid JSON, in several ways. What does the input actually look like? Are you using a JSON codec on an input or a JSON filter.
In principal, the split is just fine, so I don't think you have an array field on your event called [parent][childArray].
For example, this will produce two events, one for john and one for bob.
Thanks, I managed to the split part, you were right about it working correctly. The issue I ran into was trying to parse some parent with no child(which I didn't knew existed).
The ouput is good but if I may add a following question,
How should I proceed to recreate 1 document per child? Something like this
I am not sure I understand the question. Are you saying that after splitting the array childArray you want to coerce it back to being an array with a single member? You could do that using a ruby filter.
split { field => "[parent][childArray]" }
ruby {
code => '
a = []
a << event.get("[parent][childArray]")
event.set("[parent][childArray]", a)
'
}
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.