Splitting fields into new documents

You can do that with a ruby filter followed by a split filter:

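    # Parse the JSON text in "message" into [@metadata][json]; the raw message is dropped on success.
    json { source => "message" target => "[@metadata][json]" remove_field => [ "message" ] }
    ruby {
        # The code below sits inside a single-quoted string, so it must not contain a single quote.
        code => '
            # Group keys shaped like "name.N" into one hash per index N; all other
            # keys go into hash 0. The array is stored in "stuff" for the split filter.
            #
            # N comes straight from the incoming JSON, and assigning to a large array
            # index allocates every slot below it. max_index bounds that; 1000 is a
            # sample value, size it to the largest index your data legitimately uses.
            max_index = 1000
            parsed = event.get("[@metadata][json]")
            # parsed is nil when the json filter could not parse the message, and an
            # Array when the top-level JSON value is a list; only an object is handled.
            if parsed.is_a?(Hash)
                docs = [{}]
                parsed.each { |key, value|
                    # The pattern is not anchored: the first "name.N" found anywhere
                    # in the key decides the field name and index.
                    m = key.match(/(\w+)\.(\d+)/)
                    if m && m[2].to_i <= max_index
                        idx = m[2].to_i
                        docs[idx] ||= {}
                        docs[idx][m[1]] = value
                    else
                        # No numeric suffix, or an index above the limit: keep the
                        # field under its full key in the first document.
                        docs[0][key] = value
                    end
                }
                event.set("stuff", docs)
            end
        '
    }
    # Emit one event per element of "stuff".
    split { field => "stuff" }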