Parse array of array in Logstash

Elastic Stack Logstash
1

I have some logs like below which is an array within which there are two more arrays, I need to split them into individual events.

[{"nodes":[{"id":"node1","label":["Label1", "Label2"],"properties":"property1"},{"id":"node2","label":["Label1", "Label2"],"properties":"property2"}],"relationships":[{"id":"relation1","properties":"property1"},{"id":"relation2","properties":"property2"}]}]

Expected result:

{
	"id" => "node1"
	"label_0" => "Label1"
	"label_1" => "Label2"
	"properties" => "property1"
}
{
	"id" => "node2"
	"label_0" => "Label1"
	"label_1" => "Label2"
	"properties" => "property2"
}
{
	"id" => "relation1"
	"properties" => "property1"
}
{
	"id" => "relation2"
	"properties" => "property2"
}
2

You can split that event into multiple events using a split filter. You can expand an array into multiple fields using something like this.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.