To extract fields from a query string

neal1991 · November 15, 2017, 7:34am

Assume that there is a field like:

Cmd=FolderSync&User=ABC&DeviceId=androidc737881212&DeviceType=Android&Log=V141

I can use mutate to split the field into an array.
it will just like ['Cmd=FolderSync....]
But I want to convert the array to a json-like object like:

{
  “Cmd”: "FolderSync",
  ...
}

Or convert to fileds.
Is there any way can do this?

magnusbaeck · November 15, 2017, 7:37am

Use a kv filter. Its documentation contains an example of exactly what you want to do.

neal1991 · November 15, 2017, 7:46am

If kv conflicts with grok? Because I am trying to use grok parse the log. And then addressing the query field to jsonify.

magnusbaeck · November 15, 2017, 12:17pm

If kv conflicts with grok?

It's not clear what you mean by this. Please give an example.

neal1991 · November 15, 2017, 12:45pm

I have tried, it works. Thanks.

system · December 13, 2017, 12:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Pull values from array of json Logstash	8	324	May 7, 2019
Extract string from JSON and put into new value Logstash	8	6091	December 22, 2017
How to split field value into an array? Logstash	2	3745	September 14, 2020
How to convert a field string to list in logstash Logstash	5	1540	July 7, 2017
Converting term array into individually name fields Logstash	3	678	July 6, 2017

To extract fields from a query string

Related topics