Parse array of array in Logstash

sandy1139 · March 24, 2020, 5:54am

I have some logs like below which is an array within which there are two more arrays, I need to split them into individual events.

[{"nodes":[{"id":"node1","label":["Label1", "Label2"],"properties":"property1"},{"id":"node2","label":["Label1", "Label2"],"properties":"property2"}],"relationships":[{"id":"relation1","properties":"property1"},{"id":"relation2","properties":"property2"}]}]

Expected result:

{
	"id" => "node1"
	"label_0" => "Label1"
	"label_1" => "Label2"
	"properties" => "property1"
}
{
	"id" => "node2"
	"label_0" => "Label1"
	"label_1" => "Label2"
	"properties" => "property2"
}
{
	"id" => "relation1"
	"properties" => "property1"
}
{
	"id" => "relation2"
	"properties" => "property2"
}

Badger · March 24, 2020, 12:48pm

You can split that event into multiple events using a split filter. You can expand an array into multiple fields using something like this.

system · April 30, 2020, 6:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Split Json Array Objects Logstash	9	1777	April 15, 2020
How to split nested fields into separate events? Logstash	3	1928	July 6, 2017
Logstash - split array into individual events Logstash	7	6356	June 16, 2019
Logstash parse object Logstash	5	653	January 20, 2021
Splitting an array of objects using Logstash Logstash	3	122	January 8, 2024

Parse array of array in Logstash

Related Topics