Hello everyone!
I need to create a Logstash configuration that allows me to parse nested JSON fields to single fields.
Input event looks like this:
{
"cloud": {
"instance": {
"id": "XXXX"
},
"machine": {
"type": "t3a.large"
},
"provider": "aws",
"availability_zone": "eu-central-1a",
"region": "eu-central-1",
"account": {
"id": "XXXX"
},
"image": {
"id": "XXXX"
}
}
}
And the output I would like to have is to have every nested value parsed to fields along with parent field names included in the final field name like so:
"cloud_instance_id" => "XXX"
"cloud_machine_type" => "XXX"
I have tried with just using the add_field filter and creating a new field using the value like so:
mutate {
add_field => {
"cloud_account_id" => "%{[cloud][account][id]}"
}
}
But I'm looking to find out if there is a way to do this by using the Ruby filter and creating a reusable script with input parameters.
Any help is appreciated!