Hello,
I am trying to convert this input
{
"request": {
"time": "2020-04-30T07:32:13.997Z",
"size": "0",
"headers": [
{
"key": "Correlation-Id",
"value": "124f4cdf-6cd7-44ae-a8dc-2ecf2b187f42"
},
{
"key": "host",
"value": "api.local.host"
},
{
"key": "x-forwarded-for",
"value": "1.1.1.1"
},
{
"key": "x-forwarded-port",
"value": "443"
},
{
"key": "x-forwarded-proto",
"value": "https"
}
],
"httpMethod": "GET",
"httpSchema": "https"
}
}
into
{
"request": {
"time": "2020-04-30T07:32:13.997Z",
"size": "0",
"headers": {
"Correlation-Id": "124f4cdf-6cd7-44ae-a8dc-2ecf2b187f42",
"host": "api.local.host",
"x-forwarded-for": "1.1.1.1",
"x-forwarded-port": "443",
"x-forwarded-proto": "https"
},
"httpMethod": "GET",
"httpSchema": "https"
}
}
I have tried to inspirate by Splitting Array and others but using following filter:
filter {
json {
source => "message"
remove_field => ["message"]
}
ruby {
#code => "event.get('[request][headers]').each {|hash| event.set(hash['key'], hash['value']) }"
code => "event.get('[request][headers]').each {|hash| event.set('[request][headers][' + hash['key'] + ']', hash['value']) }"
}
}
I am getting this:
"request" => {
"headers" => [
[0] {
"value" => "124f4cdf-6cd7-44ae-a8dc-2ecf2b187f42",
"key" => "Correlation-Id"
},
[1] {
"value" => "api.local.host",
"key" => "host"
},
[2] {
"value" => "1.1.1.1",
"key" => "x-forwarded-for"
},
[3] {
"value" => "443",
"key" => "x-forwarded-port"
},
[4] {
"value" => "https",
"key" => "x-forwarded-proto"
}
],
Any idea what I am doing wrong?