Split json array into multiple documents

manramu22 · May 8, 2023, 7:00am

Hi Logstash community,

I have the following json coming from http_poller. I want to split that into multiple json documents and feed into Elasticsearch. Pls suggest json filter or split. Thanks in advance

Input JSON

{
    "result": [
        {
			"fname": "A",
			"lname": "B"
         },
		 {
			"fname": "C",
			"lname": "D"
         },
		 {
			"fname": "E",
			"lname": "F"
         }
    ]
}

Expected Document1:

 {
			"fname": "A",
			"lname": "B"
         }

Expected Document2:

{
			"fname": "C",
			"lname": "D"
         }

Expected Document3:

{
			"fname": "E",
			"lname": "F"
         }

Priscilla_Parodi · May 31, 2023, 12:35am

Hello @manramu22,

Welcome to the community!

You can consider using the split filter plugin. The field being split can either be a string or an array.

In your Logstash pipeline, it would be something like:

filter {
   split {
     field => "result"
   }
}

system · June 28, 2023, 12:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.