Need to parse josn object

Charan_Adabala · August 15, 2018, 6:02am

Hi,
I need to parse this json object using logstash can you please any one help me:

Sample Event:
{"result":{"points":{"HOST-B765":[[1531504800000,84.54410552978516],[1531526400000,99.29006958007812]]},"unit":"Percent (%)","aggregationType":"MAX","resolutionInMillisUTC":21600000,"timeseriesId":"com.apple.builtin:host.cpu.idle","entities":{"HOST-B765":"apple"}}}

Desired output:

{"timestamp":"1531504800000","value":"84.54410552978516","unit":"Percent (%)","aggregationType":"MAX","resolutionInMillisUTC":21600000,"timeseriesId":"com.apple.builtin:host.cpu.idle","hostId":"HOST-B765","servername":"apple"}
{"timestamp":"1531526400000","value":"99.29006958007812","unit":"Percent (%)","aggregationType":"MAX","resolutionInMillisUTC":21600000,"timeseriesId":"com.apple.builtin:host.cpu.idle","hostId":"HOST-B765","servername":"apple"}

Can you please help me please.

magnusbaeck · August 15, 2018, 6:22am

This isn't a JSON parsing problem.

The general way to split an event into multiple events is to use a split filter. You could use such a filter on the [result][points][HOST-B765] field to perform the split, after which you'd want to do some additional mutations to get the events exactly as you want them, but a complicating factor is, I guess, that the HOST-B765 string in your example is dynamic. In that case you'll have to use a ruby filter to rearrange the fields so that the array you want to split on is stored in a field with a fixed name.

Charan_Adabala · August 15, 2018, 7:44am

I have this "[1531504800000,84.54410552978516]"
Key is : 1531504800000
value is : 84.54410552978516

How can i parse this ? can you please

magnusbaeck · August 15, 2018, 8:05am

Please show what the Logstash event current looks like (use a stdout { codec => rubydebug } output to dump the raw event or copy/paste from Kibana's JSON tab) and what you'd like it to look like instead.

Charan_Adabala · August 15, 2018, 8:12am

{
    "result" => {
                     "unit" => "Percent (%)",
             "timeseriesId" => "com.apple.builtin:host.cpu.idle",
               "points" => {
        "HOST-B89765" => [
            [  0] [
                [0] 1531504800000,
                [1] 84.54410552978516
            ],
            [  1] [
                [0] 1531526400000,
                [1] 99.29006958007812
            ]
    },
          "aggregationType" => "MAX",
    "resolutionInMillisUTC" => 21600000,
                 "entities" => {
        "HOST-B89765" => "apple"
    }
},
  "@version" => "1",
      "host" => "Jayram-PC",
"@timestamp" => 2018-08-15T08:08:28.153Z,
      "path" => "D:/logstash/logstash-6.2.4/input/Sample.json"

}

magnusbaeck · August 15, 2018, 9:15am

Okay, but that looks like what you posted from the start. I've already outlined how I think you should solve the problem. I can answer specific questions about that but I don't have time to write at working example.

system · September 12, 2018, 9:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Split json object into multiple Events for ES Logstash	3	514	November 19, 2019
Parsing json object Logstash	2	522	April 20, 2021
Parse json with multiple lists to different events Logstash	2	428	April 29, 2020
Split JSON into several events Logstash	5	390	July 6, 2021
How to parse this json Logstash	7	561	September 8, 2019

Need to parse josn object

Related topics