Nested array of Json

gius78 · March 9, 2018, 2:44pm

Hi all,
sorry if topic has already been discussed, but I could not find a fitting example:

I've a log with the following structure:

message: {PROF_ID":"P_CUSTOMER","action":"USERROLE","USR_COMP":"0xx","USER_DN":"cn=TEST TEST,ou=externalUsers,o=XXX","USR_EMP_ID":"E00XXX","FILTERS":[{"USR_PROF_FILT_VAL":"IT0XXXXX","FILT_ID":"XXX_CLI_FAT"},{"USR_PROF_FILT_VAL":"0XX","FILT_ID":"XXX_COMPANY"}]}

I've correctly parsed the first part with a json filter, the problem is the part after the "FILTERS"
I've used a split filter:

split { field => "[MessageJ][FILTERS]"}
}

and it creates a couple of events, with the following structure:

 MessageJ.FILTERS.FILT_ID  =>  XXX_COMPANY
 MessageJ.FILTERS.USR_PROF_FILT_VAL =>  0xx

and:

 MessageJ.FILTERS.FILT_ID => XXX_CLI_FAT
 MessageJ.FILTERS.USR_PROF_FILT_VAL => ITXXXXXX

I'd like to obtain something like:

MessageJ.FILTERS.XXX_COMPANY => 0xx
MessageJ.FILTERS.XXX_CLI_FAT => ITXXXXXX

So only a couple of values, no 2 different events. Also because in that way I lose correlation between data.

is that possible?

thanks a lot

gius78 · March 15, 2018, 10:53am

Any suggestion on how to associate/manipulate elements of the array?

{a=b , c=d} I want to make as a result: b=d

system · April 12, 2018, 10:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing nested json Logstash	2	241	September 30, 2020
JSON Array - Logstash Logstash	6	233	August 21, 2019
Logstash 6.5.1 Ruby filter how to Modify nested json array Logstash	1	450	January 15, 2019
Json filter to parse nested json Logstash	4	1307	May 28, 2017
Convert a json nested string array to a flat string Logstash	4	3134	February 22, 2018

Nested array of Json

Related topics