logstash - How to split a JSON array inside an object -


i have json-message array in array. want split multiple events:

{ "type": "monitor", "server": "10.111.222.333", "host": "abc.de", "bean": [{     "name": "beanname1",     "reseted": "2015-06-05t15:10:00.192z",     "method": [{       "name": "getallxy",       "count": 5,       "min": 3,       "max": 5     },     {       "name": "getname",       "count": 4,       "min": 2,       "max": 4     }]   },   {     "name": "beanname2",     "reseted": "2015-06-05t15:10:00.231z",     "method": [{       "name": "getproperty",       "count": 4,       "min": 3,       "max": 3     }]   },   {     "name": "beanname3",     "reseted": "2015-06-05t15:10:00.231z"   }] }

using filter split "bean":

input {   stdin {     codec => "json"   } }  filter {   split {     field => "bean"   } }  output {   stdout{codec => "json"} }

is working well:

{"type":"monitor",  "server":"10.111.222.333",  "host":"abc.de",  "bean":{    "name":"beanname1",    "reseted":"2015-06-05t15:10:00.192z",    "method":[{      "name":"getallxy",      "count":5,      "min":3,      "max":5      },{      "name":"getname",      "count":4,      "min":2,      "max":4     }]},  "@version":"1",  "@timestamp":"2015-07-14t09:21:18.326z" }  {"type":"monitor",  "server":"10.111.222.333",  "host":"abc.de",  "bean":{    "name":"beanname2",    "reseted":"2015-06-05t15:10:00.231z",    "method":[{      "name":"getproperty",      "count":4,      "min":3,      "max":3    }]},  "@version":"1",  "@timestamp":"2015-07-14t09:21:18.326z" }      ...

to seperate "methods", added split-filter: 

  split {     field => "bean"   }   split {     field => "bean.method"   }

but way error message:

exception in filterworker {"exception"=>#logstash::configurationerror: string , array types splittable. field:bean.method of type = nilclass

i can't access array "method" inside object "bean". tried different notations no luck. possible access array, maybe isn't supported yet?

the following code should want , return 1 event each method:

filter {     if !("splitted_beans" in [tags]) {         json {             source => "message"         }         split {              field => "bean"             add_tag => ["splitted_beans"]         }     }      if ( "splitted_beans" in [tags] , [bean][method] ) {         split {             field => "bean[method]"         }     } }

the second condition checks if first method successful , if method exists inside bean. works beans without methods well.


Comments

Post a Comment

Popular posts from this blog

javascript - Using jquery append to add option values into a select element not working -

i'm looking dynamically populate select element names of items stored array. for reason it's not working , i'm not sure why. html: <div class="col-md-4 col-md-offset-4"> <select class="select1"> </select> , <select class="select2"> </select> </div> note i'm using bootstrap layout. here's jquery i'm using try , populate ".select1" jquery: select: function() { $.each(state.greens, function(index, value) { $(".select1").append("<option value =' " + index + " '>" + state.greens[index].name + "</option>"); }); } note function 'select' stored within object called 'display'. state.greens name of array i'm trying access. so @ end of html page call display.select(); call function. no error messages showing in console. also, saw question: appending
Read more

Android soft keyboard reverts to default keyboard on orientation change -

i'm building android soft keyboard , can't seem fix bug - have arabic , qwerty keyboard , when rotate device on qwerty keyboard (or arabic shift), it's if program has "restarted" , becomes arabic keyboard without shift. the onsaveinstancestate(bundle savedinstancestate) not work because application not extend activity inputmethodservice . i put following in android manifest android:configchanges="keyboard|keyboardhidden|orientation" android:windowsoftinputmode="stateunchanged|adjustresize"> i tried using @override public void onconfigurationchanged(configuration newconfig) { super.onconfigurationchanged(newconfig); log.i(mydebug, "config changed " + currentkeyboard.equals(qwerty)); } however, currentkeyboard.equals(qwerty)) results false , made sure true before orientation change. any appreciated. i think applications fault. if application restarting on orientation change
Read more

Rendering JButton to get the JCheckBox behavior in a JTable by using images does not update my table -

i rendering jbutton image on simulate jcheckbox behavior. why don't let jtable render jcheckbox? because need bigger checkboxes , there's no way can resize them (as far know). so, have own table cell renderer , editor. both renders jbutton , checkbox images on them. trying change image checked image unchecked image (or vice versa) , update cell value (boolean true or false). however, reason, getcelleditorvalue() not update table. so, release mouse, value goes original one. any appreciated! lot! public class tableexample extends jframe { jscrollpane pane; jpanel panel; jtable table; object[][] data; mytablemodel tm; renderer buttoncolumn; public tableexample(object[][] data) throws ioexception { string[] columns = {"column#1", "column#2", "column#3", "column#4", "column#5", "column#6"}; this.data = data; this.setpreferredsize(new dimension(700, 500));
Read more