Parse elastic response json into CSV

raviep · October 20, 2019, 10:06am

Hi,

I need to parse elastic search response JSON to CSV using logstash. Here I need only fields parameters to go into CSV file.

{
"took" : 11,
"timed_out" : false,
"_shards" : {
"total" : 3,
"successful" : 3,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : 2434,
"max_score" : null,
"hits" : [
{
"_index" : "index1",
"_type" : "type1",
"_id" : "id",
"_score" : null,
"fields" : {
"field1" : [
"454"
],
"field2" : [
"777"
],
"field3" : [
"6767"
]
}
}
{
"_index" : "index1",
"_type" : "type1",
"_id" : "id2",
"_score" : null,
"fields" : {
"field1" : [
"242"
],
"field2" : [
"434"
],
"field3" : [
"2323"
]
}
}
]
}
}

Badger · October 20, 2019, 1:05pm

Your JSON is not valid, since the entries in the array are not separated by a comma. If you fix that you can parse it using a json filter, then split it

split { field => "[hits][hits]" }

and then use a csv output with

 fields => [ "[hits][hits][fields][field1][0]", "[hits][hits][fields][field2][0]", "[hits][hits][fields][field3][0]" ]

raviep · October 21, 2019, 5:59am

Thanks for your quick reply, it works fine and I got expected result.

system · November 18, 2019, 5:59am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parse Json Logstash elastic-stack-monitoring	3	190	April 16, 2024
Parsing array of json objects with logstash and injesting to elastic Logstash	9	11263	November 12, 2019
Logstash : parse json input from http poller failing Logstash	9	223	March 7, 2024
Parsing json logs using logstash Logstash	11	4582	July 1, 2021
Parse Logstash message field into multiple field Logstash	9	2616	September 13, 2021

Parse elastic response json into CSV

Related Topics