[SOLVED] Split filter question a.k.a flatten json sub array

Badger · May 3, 2018, 6:17pm

So what does output { stdout { codec => rubydebug } } produce, and what don't you like about it?

My guess is you will end up wanting something like

  ruby {
    code => '
      event.get("[Request][Headers]").each { |a|
        name = a["Name"]
        value = a["Value"]
        event.set( "[Request][HeadersFlattened]#{name}", value)
      }
    '
  }

Which will get you this if your event is a single JSON object from that array.

        "HeadersFlattened" => {
                      "accept" => "application/json",
                "content-type" => "multipart/form-data; boundary=----WebKitFormBoundaryBnMGtRJgyfhSDZt3",
                      "cookie" => "GREEDY",
                      "origin" => "https://www.example.net",
                  "user-agent" => "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
               "cache-control" => "no-cache",
            "x-requested-with" => "XMLHttpRequest",
                        "Host" => "www.example.net",
                     "referer" => "https://www.example.net/bla.aspx",
              "Content-Length" => "226245",
             "accept-encoding" => "gzip, deflate, br",
             "accept-language" => "es-ES,es;q=0.8",
                      "x-ajax" => "example"
        },

Topic		Replies	Views
Logstash and JSON array split Logstash	5	324	October 16, 2020
Filter JSON Array Using Logstash Logstash	2	496	March 25, 2022
Nested array of Json Logstash	2	318	April 12, 2018
Array Logstash json Logstash	1	284	December 3, 2018
Flatten JSON Array in Logstash Filter Logstash	3	10384	April 16, 2018

[SOLVED] Split filter question a.k.a flatten json sub array

Related topics