Describe the enhancement:
httpjson input currently supports collecting a different event for each object contained in a JSON array. There are two options for that: json_objects_array, that collects the objects in an array directly as separate documents, and split_events_by, that does something similar, but adding the fields of the parent JSON object.
There are cases where multiple events are sent in a hash instead of a list. Something like this:
{
"events": {
"someid01": {
"time": "2020-09-29 11:54:27",
"action": "log in"
},
"someid02": {
"time": "2020-09-29 12:43:27",
"action": "create user"
}
}
}
There could be something like a json_objects_map, so with the following configuration it is able to collect events from a response like the previous one:
- type: httpjson
json_objects_map:
map: events
key_field: id
Previous configuration, would collect something like these two events for the previous example:
{
"id": "someid01",
"time": "2020-09-29 11:54:27",
"action": "log in"
}
{
"id": "someid02",
"time": "2020-09-29 12:43:27",
"action": "create user"
}
Describe a specific use case for the enhancement or feature:
Describe the enhancement:
httpjsoninput currently supports collecting a different event for each object contained in a JSON array. There are two options for that:json_objects_array, that collects the objects in an array directly as separate documents, andsplit_events_by, that does something similar, but adding the fields of the parent JSON object.There are cases where multiple events are sent in a hash instead of a list. Something like this:
There could be something like a
json_objects_map, so with the following configuration it is able to collect events from a response like the previous one:Previous configuration, would collect something like these two events for the previous example:
Describe a specific use case for the enhancement or feature: