Split json array into multiple documents

manramu22 · May 8, 2023, 7:00am

Hi Logstash community,

I have the following json coming from http_poller. I want to split that into multiple json documents and feed into Elasticsearch. Pls suggest json filter or split. Thanks in advance

Input JSON

{
    "result": [
        {
			"fname": "A",
			"lname": "B"
         },
		 {
			"fname": "C",
			"lname": "D"
         },
		 {
			"fname": "E",
			"lname": "F"
         }
    ]
}

Expected Document1:

 {
			"fname": "A",
			"lname": "B"
         }

Expected Document2:

{
			"fname": "C",
			"lname": "D"
         }

Expected Document3:

{
			"fname": "E",
			"lname": "F"
         }

Priscilla_Parodi · May 31, 2023, 12:35am

Hello @manramu22,

Welcome to the community!

You can consider using the split filter plugin. The field being split can either be a string or an array.

In your Logstash pipeline, it would be something like:

filter {
   split {
     field => "result"
   }
}

system · June 28, 2023, 12:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to split array json into multiple fields Logstash	4	1402	April 10, 2021
Split Value into different document Logstash	2	166	June 28, 2023
Multiple Elasticsearch documents in Logstash output Logstash	3	1081	July 6, 2017
Split a JSON array into individual documents in Logstash Logstash	8	1435	August 27, 2020
Split Json Array Objects Logstash	9	1778	April 15, 2020

Split json array into multiple documents

Related topics