How to cut and delete elements in an array with Logstash

Question

I have Json logs in an array as follows:

e":[{"n":"3/0/1","st":"CONTENT","v":"Sensortag"},
    {"n":"3/0/3","st":"CONTENT","v":"Contiki-develop-20150508-409-g2147b9e"},
    {"n":"3/0/13","st":"CONTENT","v":"1970-01-09T21:02:18Z"},
    {"n":"3301/0/5700","st":"CONTENT","v":"376.64"},
    {"n":"3303/0/5700","st":"CONTENT","v":"22.843"},
    {"n":"3304/0/5700","st":"CONTENT","v":"63.53"},
    {"n":"3315/0/5700","st":"CONTENT","v":"1000.34"}]

I would like to delete the first 3 elements from the array and keep the 4 last ones using a filter.

I have this as my filter:

filter {

   if ([type] == "testbed"){

           if [MessageParserJson][e[{}] in [MessageParserJson]{
                   mutate {
                           remove_field => ["[MessageparserJson][e[{0}]]" , "[MessageparserJson][e[{1}]]" , "[MessageParserJson][e[{2}]]"]
                           add_field => { "[MessageParserJson][e[{3}]]" => "MessageParser" }
                           add_field => { "[MessageParserJson][e[{4}]]" => "MessageParser" }

                           add_field => { "[MessageParserJson][e[{5}]]" => "MessageParser" }
                           add_field => { "[MessageParserJson][e[{6}]]" => "MessageParser" }
                            }
                           }

                   drop {
                           remove_field => ["MessageParserJson"]
                           }

 }
}

But Logstash puts itself in error

Answer 1

you could use the Ruby filter for that, to e.g. remove the first three elements this should work:

filter {
    ruby { 
        code => "event['MessageParserJson'].slice!(0,3)"
    }
}

Cheers