Splitting fields into new documents

Badger · October 8, 2020, 3:55pm

You can do that using ruby

    json { source => "message" target => "[@metadata][json]" remove_field => [ "message" ] }
    ruby {
        code => '
            a = []
            a[0] = {}
            event.get("[@metadata][json]").each { |k, v|
                if k =~ /\w+\.\d+/
                    m = k.scan(/(\w+)\.(\d+)/)
                    a[m[0][1].to_i] ||= {}
                    a[m[0][1].to_i][m[0][0]] = v
                else
                    a[0][k] = v
                end
            }
            event.set("stuff", a)
        '
    }
    split { field => "stuff" }

Topic		Replies	Views
Logstash Filter - Breaking up fields into multiple documents Logstash	5	2239	June 8, 2020
Split document into multiple documents Logstash	13	1476	May 25, 2022
Split Value into different document Logstash	2	166	June 28, 2023
How to split one line document into several documents using logstash? Logstash	2	101	March 14, 2024
How to remove document I logstash pipilnie that has no usefull fields Logstash	9	419	November 23, 2020

Splitting fields into new documents

Related topics