Hello, I am looking for a way to go from this message
{
"parent_field": [
"Key 1:red",
"Key 1:blue",
"Key 2:this is green"
]
}
to:
{
"key#1": ["red", "blue"],
"key#2": "this is green"
}
Tried with gsub to replace the space with hashtag and then kv (with transform_key => "lowercase") and worked, but the gsub also replaces the spaces of the values as well and last key has "this#is#green" as value.
Thanks!
Think this will get you close. Not sure the requirements from removing this is from this is green but I think you have that part figured out where you can add it.
Conf
input {
generator {
lines => [ '{ "parent_field": [ "Key 1:red", "Key 1:blue", "Key 2:this is green" ] }' ]
codec => json
count => 1
}
}
filter {
kv {
source => "parent_field"
value_split => ":"
field_split => ","
}
mutate { rename => { "Key 1" => "key#1" } }
mutate { rename => { "Key 2" => "key#2" } }
}
output {
stdout { codec => json }
}
Output
{
"key#1": [
"red",
"blue"
],
"key#2": "this is green"
}
Thanks, Aaron. Appreciate you help. I forgot to mention that the fields in the array are dynamic and I do not know their names. I won't be able to rename them as you suggested.
I mean, I only know the name of the parent field (parent key) but the number of the fields in the array/list is variable and their names are almost imposible to predict. The only thing I know is that I need to replace their spaces if present.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.