As promised:
Latest ruby filter code: gist link
Example pipeline usage:
ruby {
path => "/path-to-file/json-to-event.rb"
script_params => {
"json_field" => "notes" <--Specify the field you want to extract json from (default: message)
"array" => true <--Do you want to flatten arrays within the json (default: false)
"target" => "parent" <--Specify root level name if wanted (default: root of document)
"tag_match_failure" => true <--Do you want to tag event when json regex match fails (defaults: false)
}
}