Parsing nested JSON string in Logstash

thanks to @Alcanzar here is what I did

input { 
  stdin { } 
}  

filter {
  json {
    source => "message"
    target => "message"
  }
  json {
    source => "[message][atts]"
    target => "[message][atts]"
  }

}
 output { stdout { codec => rubydebug  }}

There is a json filter. Just pass it the field you want to parse and a target where you want it.

Something like:

json {
  source => "[parsed][atss]"
  target => "[parsed][newfield]"
}

I'm not sure if you can put atss as new field. It might or might not work. If it doesn't, use the mutate filter to remove_field and rename_field.

As of August 5 2020, In logstash 7.8.0, the JSON filter now parses nested strings.
I had the following string stored in a Postgres column, lets call it "column-1"

{ "XYZ" : {"A" : "B", "C" : "D", "E" : "F"} }

My json filter looked like this

json {
    source => "column-1"
    target => "column-1"
}

And it was parsed as a nested dictionary in my Elasticsearch Index

The difference from the accepted answer is that now we just need a single json filter instead of multiple ones.

Parsing nested JSON string in Logstash

Tags:

Logstash

Related

Recent Posts