Parsing a JSON array of objects

gigavinyl · July 13, 2016, 7:25pm

I have a log file that's an array of objects that looks something like this:

[
  {
     "cate1": "data1a",
     "cate2": "data2a"
  },
  {
     "cate1": "data1b",
     "cate2": "data2b"
  }
]

and I need each object in the array to be a separate entry in Elasticsearch and each "cate" to be a field. How would I go about configuring Logstash to do this?

magnusbaeck · July 14, 2016, 6:18am

Use the split filter.

gigavinyl · July 14, 2016, 3:06pm

I've tried a few variations of using the split filter (by itself, with the json and mutate filters, etc.) but to no avail. Could you demonstrate the proper config for this filter? Thank you.

magnusbaeck · July 14, 2016, 6:36pm

The documentation contains an example that looks very much like what you have: https://www.elastic.co/guide/en/logstash/master/plugins-filters-split.html

dm221 · July 26, 2016, 11:52pm

Respectfully I do not see a way to use the split filter to do what gigvinyl is proposing. Do you prose having a split filter like (this wouldn't work, but at least it's a strawman).:
split {
source => "foo"
terminator => "},"
target => "bar"
}
json {
source => "bar"
target => "abc"
}

magnusbaeck · July 27, 2016, 9:23am

The source field is an array so the terminator option doesn't apply. And why would you use a json filter? The original question indicates an array of objects, not an array of JSON strings.

Topic		Replies	Views
Parse array of json objects in json Logstash	5	2522	December 4, 2017
How can I parse array of objects using Logstash? Logstash	7	4973	May 19, 2020
Trying to parse a multine array of json objects with logstash split and json Logstash	6	1568	July 5, 2019
Have Logstash take a file containing an array of JSON objects Logstash	5	5117	October 26, 2018
Parsing Inner JSON - Array of JSON Objects Logstash	3	417	August 19, 2019

Parsing a JSON array of objects

Related topics