Parse array of array in Logstash

sandy1139 · March 24, 2020, 5:54am

I have some logs like below which is an array within which there are two more arrays, I need to split them into individual events.

[{"nodes":[{"id":"node1","label":["Label1", "Label2"],"properties":"property1"},{"id":"node2","label":["Label1", "Label2"],"properties":"property2"}],"relationships":[{"id":"relation1","properties":"property1"},{"id":"relation2","properties":"property2"}]}]

Expected result:

{
	"id" => "node1"
	"label_0" => "Label1"
	"label_1" => "Label2"
	"properties" => "property1"
}
{
	"id" => "node2"
	"label_0" => "Label1"
	"label_1" => "Label2"
	"properties" => "property2"
}
{
	"id" => "relation1"
	"properties" => "property1"
}
{
	"id" => "relation2"
	"properties" => "property2"
}

Badger · March 24, 2020, 12:48pm

You can split that event into multiple events using a split filter. You can expand an array into multiple fields using something like this.

system · April 30, 2020, 6:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Splitting multiple arrays in Logstash to create multi events Logstash	4	1727	July 29, 2019
Split Json Array Objects Logstash	9	1778	April 15, 2020
How to split nested fields into separate events? Logstash	3	1932	July 6, 2017
Logstash - split array into individual events Logstash	7	6363	June 16, 2019
Logstash parse object Logstash	5	653	January 20, 2021

Parse array of array in Logstash

Related topics