Parsing nested JSON fields to separate fields

ottramst · September 25, 2020, 11:40am

Hello everyone!

I need to create a Logstash configuration that allows me to parse nested JSON fields to single fields.

Input event looks like this:

{
	"cloud": {
		"instance": {
			"id": "XXXX"
		},
		"machine": {
			"type": "t3a.large"
		},
		"provider": "aws",
		"availability_zone": "eu-central-1a",
		"region": "eu-central-1",
		"account": {
			"id": "XXXX"
		},
		"image": {
			"id": "XXXX"
		}
	}
}

And the output I would like to have is to have every nested value parsed to fields along with parent field names included in the final field name like so:

"cloud_instance_id" => "XXX"
"cloud_machine_type" => "XXX"

I have tried with just using the add_field filter and creating a new field using the value like so:

mutate {
  add_field => {
    "cloud_account_id" => "%{[cloud][account][id]}"
  }
}

But I'm looking to find out if there is a way to do this by using the Ruby filter and creating a reusable script with input parameters.

Any help is appreciated!

Badger · September 25, 2020, 2:06pm

See this answer.

ottramst · September 25, 2020, 2:51pm

Thank you! Case closed.

system · October 23, 2020, 2:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash - ruby script to create array of nested fields Logstash	2	2110	October 17, 2019
Best Way to create nested field Logstash	10	21022	July 6, 2017
How to create fields from nested fields for json data in logstash Logstash	9	726	July 31, 2020
How to parse nested json through logstash Logstash	8	718	July 16, 2020
Filter to add fiels of on nested JSON name value fields Logstash	5	601	April 27, 2022

Parsing nested JSON fields to separate fields

Related Topics