Parsing a JSON array of objects

gigavinyl · July 13, 2016, 7:25pm

I have a log file that's an array of objects that looks something like this:

[
  {
     "cate1": "data1a",
     "cate2": "data2a"
  },
  {
     "cate1": "data1b",
     "cate2": "data2b"
  }
]

and I need each object in the array to be a separate entry in Elasticsearch and each "cate" to be a field. How would I go about configuring Logstash to do this?

magnusbaeck · July 14, 2016, 6:18am

Use the split filter.

gigavinyl · July 14, 2016, 3:06pm

I've tried a few variations of using the split filter (by itself, with the json and mutate filters, etc.) but to no avail. Could you demonstrate the proper config for this filter? Thank you.

magnusbaeck · July 14, 2016, 6:36pm

The documentation contains an example that looks very much like what you have: https://www.elastic.co/guide/en/logstash/master/plugins-filters-split.html

dm221 · July 26, 2016, 11:52pm

Respectfully I do not see a way to use the split filter to do what gigvinyl is proposing. Do you prose having a split filter like (this wouldn't work, but at least it's a strawman).:
split {
source => "foo"
terminator => "},"
target => "bar"
}
json {
source => "bar"
target => "abc"
}

magnusbaeck · July 27, 2016, 9:23am

The source field is an array so the terminator option doesn't apply. And why would you use a json filter? The original question indicates an array of objects, not an array of JSON strings.

Topic		Replies	Views
How can I parse array of objects using Logstash? Logstash	7	4967	May 19, 2020
Have Logstash take a file containing an array of JSON objects Logstash	5	5111	October 26, 2018
Split Filter Parse Failure - Only String and Array types are splittable Logstash	5	1204	March 12, 2020
Split nested json array from log Logstash	13	3991	May 18, 2020
Split nested json array Logstash	9	13842	October 9, 2018

Parsing a JSON array of objects

Related Topics