How To Dynamically Move Nested Key Value To Root Level?

My logstash data output is

{
    "host" => "127.0.0.1",
    "@timestamp" => 2021-06-25T21:00:00.000Z,
    "@version" => "1",
    "fields" => {
        "data1" => "mydata1",
        "data2" => "mydata2",
        "data3" => "mydata3"
    }
}

I want to move all fields within "fields" to the root level. This is possible by defining "add_field" and moving all nested fields from "fields", but the field names are dynamic: for example, "data4" may be added and some other fields may be removed. How can I do it dynamically?


ANS: Try the code block below in the Logstash filter:

ruby {
    code => '
        # Copy every key under "fields" to the root of the event, then drop the parent.
        event.get("fields").each { |k, v|
            event.set(k, v)
        }
        event.remove("fields")
    '
}
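
The loop in the answer overwrites any root-level key that shares a name with a nested one, so a "host" key inside "fields" would replace the event's own "host". The following is an added example, not part of the original answer: a collision-safe variant of the same loop, run against a small stub of the event API so it works outside Logstash (`StubEvent`, `promote_nested` and `sample_event` are hypothetical names, and the sample event is constructed).

```ruby
# Stand-in for the Logstash event calls used on this page (get/set/remove),
# so the logic runs outside Logstash. Not the real LogStash::Event class.
class StubEvent
  def initialize(data)
    @data = data
  end

  def get(key)
    @data[key]
  end

  def set(key, value)
    @data[key] = value
  end

  def remove(key)
    @data.delete(key)
  end
end

# Move every key under `parent` to the root without overwriting keys that
# already exist there (host, @timestamp, @version, ...). Colliding entries
# stay under `parent`; the names of the skipped keys are returned.
def promote_nested(event, parent = "fields")
  nested = event.get(parent)
  return [] unless nested.is_a?(Hash) # absent or not a map: nothing to do

  skipped = {}
  nested.each do |key, value|
    if event.get(key).nil?
      event.set(key, value)
    else
      skipped[key] = value
    end
  end
  skipped.empty? ? event.remove(parent) : event.set(parent, skipped)
  skipped.keys
end

# Constructed sample: "fields" carries a "host" key that collides with the root.
def sample_event
  StubEvent.new({
    "host" => "127.0.0.1", "@version" => "1",
    "fields" => { "data1" => "mydata1", "data4" => "mydata4", "host" => "10.9.9.9" }
  })
end

ev = sample_event
puts "skipped: #{promote_nested(ev).inspect}, host: #{ev.get('host')}"
```

Inside a Logstash ruby filter, the body of `promote_nested` can be applied to the real `event` object, which provides the same `get`, `set` and `remove` calls.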
