Importing a json file to elasticsearch - json

Hi guys,
I am new to elasticsearch and I want to import a json file to elasticsearch/kibana. The json file is the output of a wireshark pcap data traffic capture. As I understand it, I should do a mapping for this file before being able to use _bulk (curl) to import it to elasticsearch. I read some samples for doing the mapping, like the document below, but it is still not clear to me how to do this with my own file:
https://www.elastic.co/blog/analyzing-network-packets-with-wireshark-elasticsearch-and-kibana
My json file looks like:
[
{
"_index": "packets-2021-10-15",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "\\Device\\NPF_{9751C4A6-3584-467A-81DB-8E9E881967C3}",
"frame.interface_description": "Ethernet"
},
"frame.encap_type": "1",
"frame.time": "Oct 26, 2021 14:08:42.112764000 W. Europe Summer Time",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1635250122.112764000",
"frame.time_delta": "0.006664000",
"frame.time_delta_displayed": "0.000000000",
"frame.time_relative": "15.640148000",
"frame.number": "18",
"frame.len": "241",
"frame.cap_len": "241",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tpkt:cotp:ses:pres:acse:mms",
"frame.coloring_rule.name": "TCP",
"frame.coloring_rule.string": "tcp"
},
"eth": {
"eth.dst": "00:00:96:14:19:00",
"eth.dst_tree": {
"eth.dst_resolved": "MarconiE_14:19:00",
"eth.dst.oui": "150",
"eth.dst.oui_resolved": "Marconi Electronics Ltd.",
"eth.addr": "00:00:96:14:19:00",
"eth.addr_resolved": "MarconiE_14:19:00",
"eth.addr.oui": "150",
"eth.addr.oui_resolved": "Marconi Electronics Ltd.",
"eth.dst.lg": "0",
"eth.lg": "0",
"eth.dst.ig": "0",
"eth.ig": "0"
},
"eth.src": "20:47:47:b5:f2:62",
"eth.src_tree": {
"eth.src_resolved": "Dell_b5:f2:62",
"eth.src.oui": "2115399",
"eth.src.oui_resolved": "Dell Inc.",
"eth.addr": "20:47:47:b5:f2:62",
"eth.addr_resolved": "Dell_b5:f2:62",
"eth.addr.oui": "2115399",
"eth.addr.oui_resolved": "Dell Inc.",
"eth.src.lg": "0",
"eth.lg": "0",
"eth.src.ig": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "227",
"ip.id": "0x00001a1d",
"ip.flags": "0x00000040",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "128",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "192.168.1.92",
"ip.addr": "192.168.1.92",
"ip.src_host": "192.168.1.92",
"ip.host": "192.168.1.92",
"ip.dst": "192.168.1.93",
"ip.addr": "192.168.1.93",
"ip.dst_host": "192.168.1.93",
"ip.host": "192.168.1.93"
},
"tcp": {
......
I would be thankful if someone can show me the best way to proceed.

One of the benefits of ES is that mapping, in a great number of cases, is done automatically. So, you can try to do it and see if the types that it assigns to your keys are the same ones that you were expecting.
Basically, you need to build a request that meets the requirements presented in the ES documentation.
TL;DR
curl -X POST "localhost:9200/_bulk?pretty" -H 'Content-Type: application/json' -d'
{ "index" : { "_index" : "test", "_id" : "1" } }
{ "field1" : "value1" }
{ "delete" : { "_index" : "test", "_id" : "2" } }
{ "create" : { "_index" : "test", "_id" : "3" } }
{ "field1" : "value3" }
{ "update" : {"_id" : "1", "_index" : "test"} }
{ "doc" : {"field2" : "value2"} }
'
This answer might help too.

Related

logstash parse json child element, format and insert into elasticsearch

I have a json file like this:
{
"fruits": {
"fruit": [
{
"id": 1,
"label": "test",
"tag": "fine",
"start": "4",
"end": "9"
},
{
"id": 2,
"label": "test1",
"tag": "fine1",
"start": "2",
"end": "4"
}
]
}
}
I have 100s of elements inside the "fruit" field. I want to:
insert only the elements inside the "fruit" field into elasticsearch, each as an individual doc. I want to use their own id as the elasticsearch doc id.
calculate the numbers between the "start" and "end" fields, then add those numbers as a comma separated string to a new field inside each doc.
The docs I want to insert into elasticsearch will be as follows:
[
{
"_index" : "my_index",
"_type" : "_doc",
"_id" : "1",
"_score" : 1.0,
"_source" : {
"id" : "1",
"label": "test",
"tag": "fine",
"start": "4",
"end": "9",
"diffs": "4,5,6,7,8,9"
}
},
{
"_index" : "my_index",
"_type" : "_doc",
"_id" : "2",
"_score" : 1.0,
"_source" : {
"id" : "2",
"label": "test1",
"tag": "fine1",
"start": "2",
"end": "4",
"diffs": "2,3,4"
}
}
]
Can anyone help me with the logstash configuration file to achieve the desired output? I am using ELK version 7.x
Thanks
Finally I could solve the requirement by following these instructions.
https://discuss.elastic.co/t/logstash-parse-json-child-element-format-and-insert-into-elasticsearch/312230/7
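The same split-and-enrich step as a small Python pre-processor that writes the _bulk body, an added example rather than the Logstash pipeline the linked thread describes; the input below is constructed from the question's two elements and the index name my_index is assumed.

```python
import json

# Constructed input in the shape of the question (two of the "100s" of elements).
FRUITS_JSON = """{"fruits": {"fruit": [
  {"id": 1, "label": "test",  "tag": "fine",  "start": "4", "end": "9"},
  {"id": 2, "label": "test1", "tag": "fine1", "start": "2", "end": "4"}]}}"""


def diffs(start, end):
    """Inclusive range between the two string fields, joined with commas."""
    lo, hi = int(start), int(end)
    if lo > hi:
        raise ValueError(f"start {lo} is after end {hi}")
    return ",".join(str(n) for n in range(lo, hi + 1))


def fruit_docs(text, index="my_index"):
    """One (action, source) pair per element of fruits.fruit, keyed by its own id."""
    pairs = []
    for fruit in json.loads(text)["fruits"]["fruit"]:
        doc_id = str(fruit["id"])
        source = dict(fruit, id=doc_id, diffs=diffs(fruit["start"], fruit["end"]))
        pairs.append(({"index": {"_index": index, "_id": doc_id}}, source))
    return pairs


def bulk_body(text):
    """NDJSON for POST /_bulk (ES 7.x: no _type); the trailing newline is required."""
    lines = [json.dumps(part) for pair in fruit_docs(text) for part in pair]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(bulk_body(FRUITS_JSON), end="")
```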

How can I convert a JSON traffic packet into JSON format for bulk import into Elasticsearch?

I am trying to convert some JSON files about TCP and DNP3 traffic into the bulk import format for Elasticsearch. I already know that tshark has a command that can generate JSON for bulk import from a pcap:
tshark -T ek -r dnp3_trace.pcap > dnp3_trace.json
However, I haven't got the pcaps for some of the JSON files, and I don't know if there is something that could transform the JSON into the bulk index format.
For example, here is my JSON that I would like to convert into the bulk index format:
{
"_index": "packets-2020-10-17",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "ens224"
},
"frame.encap_type": "1",
"frame.time": "Oct 17, 2020 10:51:44.072688465 Central Daylight Time",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1602949904.072688465",
"frame.time_delta": "0.000000000",
"frame.time_delta_displayed": "0.000000000",
"frame.time_relative": "0.000000000",
"frame.number": "1",
"frame.len": "72",
"frame.cap_len": "72",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:dnp3",
"frame.coloring_rule.name": "TCP",
"frame.coloring_rule.string": "tcp"
},
"eth": {
"eth.dst": "00:00:00:aa:00:25",
"eth.dst_tree": {
"eth.dst_resolved": "00:00:00_aa:00:25",
"eth.dst.oui": "0",
"eth.dst.oui_resolved": "Officially Xerox, but 0:0:0:0:0:0 is more common",
"eth.addr": "00:00:00:aa:00:25",
"eth.addr_resolved": "00:00:00_aa:00:25",
"eth.addr.oui": "0",
"eth.addr.oui_resolved": "Officially Xerox, but 0:0:0:0:0:0 is more common",
"eth.dst.lg": "0",
"eth.lg": "0",
"eth.dst.ig": "0",
"eth.ig": "0"
},
"eth.src": "00:50:56:9c:5f:cc",
"eth.src_tree": {
"eth.src_resolved": "VMware_9c:5f:cc",
"eth.src.oui": "20566",
"eth.src.oui_resolved": "VMware, Inc.",
"eth.addr": "00:50:56:9c:5f:cc",
"eth.addr_resolved": "VMware_9c:5f:cc",
"eth.addr.oui": "20566",
"eth.addr.oui_resolved": "VMware, Inc.",
"eth.src.lg": "0",
"eth.lg": "0",
"eth.src.ig": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "58",
"ip.id": "0x000009f9",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000c405",
"ip.checksum.status": "2",
"ip.src": "172.16.0.2",
"ip.addr": "172.16.0.2",
"ip.src_host": "172.16.0.2",
"ip.host": "172.16.0.2",
"ip.dst": "192.168.0.5",
"ip.addr": "192.168.0.5",
"ip.dst_host": "192.168.0.5",
"ip.host": "192.168.0.5"
},
"tcp": {
"tcp.srcport": "41391",
"tcp.dstport": "20000",
"tcp.port": "41391",
"tcp.port": "20000",
"tcp.stream": "0",
"tcp.len": "18",
"tcp.seq": "1",
"tcp.seq_raw": "3359839259",
"tcp.nxtseq": "19",
"tcp.ack": "1",
"tcp.ack_raw": "1388983197",
"tcp.hdr_len": "20",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "501",
"tcp.window_size_scalefactor": "-1",
"tcp.checksum": "0x00006cec",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.analysis": {
"tcp.analysis.bytes_in_flight": "18",
"tcp.analysis.push_bytes_sent": "18"
},
"Timestamps": {
"tcp.time_relative": "0.000000000",
"tcp.time_delta": "0.000000000"
},
"tcp.payload": "05:64:0b:c4:59:02:01:00:d4:49:ca:ca:01:3c:01:06:d1:ff",
"tcp.pdu.size": "18"
},
"dnp3": {
"Data Link Layer, Len: 11, From: 1, To: 601, DIR, PRM, Unconfirmed User Data": {
"dnp3.start": "0x00000564",
"dnp3.len": "11",
"dnp3.ctl": "0x000000c4",
"dnp3.ctl_tree": {
"dnp3.ctl.dir": "1",
"dnp3.ctl.prm": "1",
"dnp3.ctl.fcb": "0",
"dnp3.ctl.fcv": "0",
"dnp3.ctl.prifunc": "4"
},
"dnp3.dst": "601",
"dnp3.addr": "601",
"dnp3.src": "1",
"dnp3.addr": "1",
"dnp3.hdr.CRC": "0x000049d4",
"dnp.hdr.CRC.status": "1"
},
"dnp3.tr.ctl": "0x000000ca",
"dnp3.tr.ctl_tree": {
"dnp3.tr.fin": "1",
"dnp3.tr.fir": "1",
"dnp3.tr.seq": "10"
},
"Data Chunks": {
"Data Chunk: 0": {
"dnp.data_chunk": "ca:ca:01:3c:01:06",
"dnp.data_chunk_len": "6",
"dnp.data_chunk.CRC": "0x0000ffd1",
"dnp.data_chunk.CRC.status": "1"
}
},
"dnp3.al.fragments": {
"dnp3.al.fragment": "1",
"dnp3.al.fragment.count": "1",
"dnp3.al.fragment.reassembled.length": "5"
},
"Application Layer: (FIR, FIN, Sequence 10, Read)": {
"dnp3.al.ctl": "0x000000ca",
"dnp3.al.ctl_tree": {
"dnp3.al.fir": "1",
"dnp3.al.fin": "1",
"dnp3.al.con": "0",
"dnp3.al.uns": "0",
"dnp3.al.seq": "10"
},
"dnp3.al.func": "1",
"READ Request Data Objects": {
"dnp3.al.obj": "15361",
"dnp3.al.obj_tree": {
"Qualifier Field, Prefix: None, Range: No Range Field": {
"dnp3.al.objq.prefix": "0",
"dnp3.al.objq.range": "6"
},
"Number of Items: 0": ""
}
}
}
}
}
}
}
My goal would be to convert this JSON in this format:
{"index":{"_index":"packets-2019-10-25","_type":"doc"}}
{"timestamp":"1571994793106","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"2019-10-25T09:13:13.106208000Z","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1571994793.106208000","frame_frame_time_delta":"0.000000000","frame_frame_time_delta_displayed":"0.000000000","frame_frame_time_relative":"0.000000000","frame_frame_number":"1","frame_frame_len":"78","frame_frame_cap_len":"78","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:tcp:dnp3"},"eth":{"eth_eth_dst":"50:7b:9d:76:77:d5","eth_eth_dst_resolved":"LCFCHeFe_76:77:d5","eth_eth_dst_oui":"5274525","eth_eth_dst_oui_resolved":"LCFC(HeFei) Electronics Technology co., ltd","eth_eth_addr":"50:7b:9d:76:77:d5","eth_eth_addr_resolved":"LCFCHeFe_76:77:d5","eth_eth_addr_oui":"5274525","eth_eth_addr_oui_resolved":"LCFC(HeFei) Electronics Technology co., ltd","eth_eth_dst_lg":false,"eth_eth_lg":false,"eth_eth_dst_ig":false,"eth_eth_ig":false,"eth_eth_src":"d8:50:e6:05:a3:1e","eth_eth_src_resolved":"ASUSTekC_05:a3:1e","eth_eth_src_oui":"14176486","eth_eth_src_oui_resolved":"ASUSTek COMPUTER INC.","eth_eth_addr":"d8:50:e6:05:a3:1e","eth_eth_addr_resolved":"ASUSTekC_05:a3:1e","eth_eth_addr_oui":"14176486","eth_eth_addr_oui_resolved":"ASUSTek COMPUTER INC.","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"64","ip_ip_id":"0x0000259f","ip_ip_flags":"0x00004000","ip_ip_flags_rb":false,"ip_ip_flags_df":true,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"128","ip_ip_proto":"6","ip_ip_checksum":"0x00000000","ip_ip_checksum_status":"2","ip_ip_src":"192.168.1.150","ip_ip_addr":["192.168.1.150","192.168.1.200"],"ip_ip_src_host":"192.168.1.150","ip_ip_host":["192.168.1.150","192.168.1.200"],"ip_ip_dst":"192.168.1.200","ip_ip_dst_host":"192.168.1.200"},"tcp":{"tcp_tcp_srcport":"53543","tcp_tcp_dstport":"20000","tcp_tcp_port":["53543","20000"],"tcp_tcp_stream":"0","tcp_tcp_len":"24","tcp_tcp_seq":"1","tcp_tcp_seq_raw":"3354368014","tcp_tcp_nxtseq":"25","tcp_tcp_ack":"1","tcp_tcp_ack_raw":"3256068755","tcp_tcp_hdr_len":"20","tcp_tcp_flags":"0x00000018","tcp_tcp_flags_res":false,"tcp_tcp_flags_ns":false,"tcp_tcp_flags_cwr":false,"tcp_tcp_flags_ecn":false,"tcp_tcp_flags_urg":false,"tcp_tcp_flags_ack":true,"tcp_tcp_flags_push":true,"tcp_tcp_flags_reset":false,"tcp_tcp_flags_syn":false,"tcp_tcp_flags_fin":false,"tcp_tcp_flags_str":"·······AP···","tcp_tcp_window_size_value":"2052","tcp_tcp_window_size":"2052","tcp_tcp_window_size_scalefactor":"-1","tcp_tcp_checksum":"0x000084e1","tcp_tcp_checksum_status":"2","tcp_tcp_urgent_pointer":"0","tcp_tcp_analysis":null,"tcp_tcp_analysis_bytes_in_flight":"24","tcp_tcp_analysis_push_bytes_sent":"24","text":"Timestamps","tcp_tcp_time_relative":"0.000000000","tcp_tcp_time_delta":"0.000000000","tcp_tcp_payload":"05:64:11:c4:01:00:02:00:c3:5a:c8:c8:01:3c:02:06:3c:03:06:3c:04:06:c0:4c","tcp_tcp_pdu_size":"24"},"dnp3":{"text":["Data Link Layer, Len: 17, From: 2, To: 1, DIR, PRM, Unconfirmed User Data","Data Chunks","Application Layer: (FIR, FIN, Sequence 8, Read)"],"dnp3_dnp3_start":"0x00000564","dnp3_dnp3_len":"17","dnp3_dnp3_ctl":"0x000000c4","dnp3_dnp3_ctl_dir":true,"dnp3_dnp3_ctl_prm":true,"dnp3_dnp3_ctl_fcb":false,"dnp3_dnp3_ctl_fcv":false,"dnp3_dnp3_ctl_prifunc":"4","dnp3_dnp3_dst":"1","dnp3_dnp3_addr":["1","2"],"dnp3_dnp3_src":"2","dnp3_dnp3_hdr_CRC":"0x00005ac3","dnp3_dnp_hdr_CRC_status":"1","dnp3_dnp3_tr_ctl":"0x000000c8","dnp3_dnp3_tr_fin":true,"dnp3_dnp3_tr_fir":true,"dnp3_dnp3_tr_seq":"8","text":["Data Chunk: 0","READ Request Data Objects"],"dnp3_dnp_data_chunk":"c8:c8:01:3c:02:06:3c:03:06:3c:04:06","dnp3_dnp_data_chunk_len":"12","dnp3_dnp_data_chunk_CRC":"0x00004cc0","dnp3_dnp_data_chunk_CRC_status":"1","dnp3_dnp3_al_fragments":null,"dnp3_dnp3_al_fragment":"1","dnp3_dnp3_al_fragment_count":"1","dnp3_dnp3_al_fragment_reassembled_length":"11","dnp3_dnp3_al_ctl":"0x000000c8","dnp3_dnp3_al_fir":true,"dnp3_dnp3_al_fin":true,"dnp3_dnp3_al_con":false,"dnp3_dnp3_al_uns":false,"dnp3_dnp3_al_seq":"8","dnp3_dnp3_al_func":"1","dnp3_dnp3_al_obj":["15362","15363","15364"],"text":["Qualifier Field, Prefix: None, Range: No Range Field","Number of Items: 0","Qualifier Field, Prefix: None, Range: No Range Field","Number of Items: 0","Qualifier Field, Prefix: None, Range: No Range Field","Number of Items: 0"],"dnp3_dnp3_al_objq_prefix":["0","0","0"],"dnp3_dnp3_al_objq_range":["6","6","6"]}}}
If anyone has any solution or suggestion, I would appreciate it :)
Thanks in advance.
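The conversion both this question and the first one on this page need, as an added example that is not from either poster nor from tshark: it turns a `tshark -T json` array (the "_index"/"_source.layers" shape) into the `-T ek`-style _bulk body shown above by flattening each layer with the layer-name prefix, dropping *_tree containers, collecting tree labels under "text" and adding a millisecond "timestamp". One point worth knowing before feeding captures into a detection pipeline: `-T json` repeats keys such as ip.addr and tcp.port, and a plain json.loads() keeps only the last one, so the hook below merges duplicates into arrays instead. The sample packet is constructed, and field values are kept as strings (ek's boolean conversion needs tshark's field registry).

```python
import json


def add(out, key, value):
    """Insert a value; a repeated key becomes an array, the way `tshark -T ek` emits it."""
    if key not in out:
        out[key] = value
    elif isinstance(out[key], list):
        out[key].append(value)
    else:
        out[key] = [out[key], value]


def merge_duplicates(pairs):
    """json.loads hook: keep repeated keys (ip.addr, tcp.port, a second "ip" layer in a
    tunnel) that dict() would silently collapse to the last value."""
    out = {}
    for key, value in pairs:
        add(out, key, value)
    return out


def flatten_layer(layer, fields, out):
    """Hoist one protocol layer into ek-style keys: "ip.src" -> "ip_ip_src", *_tree
    containers are dropped, labels without a field name ("Data Chunk: 0") go to "text"."""
    for key, value in fields.items():
        is_field = "." in key and " " not in key
        if is_field:
            ek_key = layer + "_" + key.replace(".", "_")
        else:
            add(out, "text", key)  # label only; its children are still hoisted below
        for item in (value if isinstance(value, list) else [value]):
            if isinstance(item, dict):
                if is_field and not key.endswith("_tree"):
                    add(out, ek_key, None)  # ek shows a field that is a subtree as null
                flatten_layer(layer, item, out)
            elif is_field:
                add(out, ek_key, item)


def epoch_to_millis(epoch):
    """"1635250122.112764000" -> "1635250122112", without float rounding."""
    sec, _, frac = epoch.partition(".")
    return str(int(sec) * 1000 + int((frac + "000")[:3]))


def packet_to_bulk(packet):
    """Return the (action, document) pair for one `-T json` packet object."""
    doc_layers = {}
    for layer, fields in packet["_source"]["layers"].items():
        for subtree in (fields if isinstance(fields, list) else [fields]):
            flatten_layer(layer, subtree, doc_layers.setdefault(layer, {}))
    epoch = doc_layers.get("frame", {}).get("frame_frame_time_epoch", "0")
    doc = {"timestamp": epoch_to_millis(epoch), "layers": doc_layers}
    # ES 7 deprecates and ES 8 rejects _type, so only the index name is carried over.
    return {"index": {"_index": packet["_index"]}}, doc


def convert_packets(text):
    """Parse a whole `tshark -T json` array into a list of (action, doc) pairs."""
    return [packet_to_bulk(p) for p in json.loads(text, object_pairs_hook=merge_duplicates)]


def to_ndjson(text):
    """_bulk body: action line then document line per packet; final newline is mandatory."""
    lines = [json.dumps(part) for pair in convert_packets(text) for part in pair]
    return "\n".join(lines) + "\n"


# Constructed sample in `-T json` shape (not a real capture); note the repeated keys.
SAMPLE = """[{"_index": "packets-2021-10-15", "_type": "doc", "_score": null, "_source": {"layers": {
  "frame": {"frame.time_epoch": "1635250122.112764000", "frame.len": "241"},
  "ip": {"ip.src": "192.168.1.92", "ip.addr": "192.168.1.92", "ip.dst": "192.168.1.93",
         "ip.addr": "192.168.1.93", "ip.flags_tree": {"ip.flags.df": "1"}},
  "tcp": {"tcp.port": "41391", "tcp.port": "20000",
          "tcp.analysis": {"tcp.analysis.bytes_in_flight": "18"},
          "Timestamps": {"tcp.time_delta": "0.000000000"}}}}}]"""
```

Because every value stays a string, put an explicit mapping or index template in place for the fields you will aggregate on (frame_frame_len, tcp_tcp_port, the timestamp as epoch_millis) before you POST the output to /_bulk, or dynamic mapping will index them as text/keyword.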

Highchart : How to plot Stacked bar graph with line by below JSON response

I am using the JSON below to plot a stacked graph with a line (it looks like the screenshot below)
[{
"TD": "2",
"TE": "5",
"TI": "3",
"TLI": "2",
"TR": "2",
"hour": "0",
"totalCount": "14"
},
{
"FINGERVERIFY": "4",
"LI": "1",
"TD": "3",
"TE": "9",
"TI": "4",
"TLI": "3",
"TLIP": "2",
"TR": "3",
"hour": "1",
"totalCount": "29"
},
{
"LI": "1",
"LIP": "1",
"LLI": "1",
"LLIP": "1",
"LR": "1",
"LRP": "1",
"hour": "2",
"totalCount": "6"
},
{
"FE": "2",
"TE": "2",
"hour": "8",
"totalCount": "4"
}
]
Chart Image
Description of the chart, based on the points below:
x-axis : "hours" from the JSON property
the tip of the line shows the "totalCount"
the stacked bars show the other properties of the JSON.
Can anyone please help me achieve the above graph, which is similar to the screenshot, by using the above JSON?
Based on your data, you need to build a series structure required by Highcharts. Example:
const series = [];
data.forEach(dataEl => {
  for (const key in dataEl) {
    if (key === 'hour') continue;
    const existingSeries = series.find(s => s.name === key);
    if (!existingSeries) {
      series.push({
        name: key,
        type: key === 'totalCount' ? 'line' : 'column',
        data: [[Number(dataEl.hour), Number(dataEl[key])]]
      });
    } else {
      existingSeries.data.push([Number(dataEl.hour), Number(dataEl[key])]);
    }
  }
});
Live demo: http://jsfiddle.net/BlackLabel/40pgqn9j/
API Reference: https://api.highcharts.com/highcharts/series

Elasticsearch query with nested sets

I am pretty new to Elasticsearch, so please bear with me and let me know if I need to provide any additional information. I have inherited a project and need to implement new search functionality. The document/mapping structure is already in place but can be changed if it can not facilitate what I am trying to achieve. I am using Elasticsearch version 5.6.16.
A company is able to offer a number of services. Each service offering is grouped together in a set. Each set is composed of 3 categories;
Product(s) (ID 1)
Process(es) (ID 3)
Material(s) (ID 4)
The document structure looks like;
[{
"id": 4485,
"name": "Company A",
// ...
"services": {
"595": {
"1": [
95, 97, 91
],
"3": [
475, 476, 471
],
"4": [
644, 645, 683
]
},
"596": {
"1": [
91, 89, 76
],
"3": [
476, 476, 301
],
"4": [
644, 647, 555
]
},
"597": {
"1": [
92, 93, 89
],
"3": [
473, 472, 576
],
"4": [
641, 645, 454
]
}
}
}]
In the above example; 595, 596 and 597 are IDs relating to the set. 1, 3 and 4 relate to the categories (mentioned above).
The mapping looks like;
[{
"id": {
"type": "long"
},
"name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"services": {
"properties": {
// ...
"595": {
"properties": {
"1": {"type": "long"},
"3": {"type": "long"},
"4": {"type": "long"}
}
},
"596": {
"properties": {
"1": {"type": "long"},
"3": {"type": "long"},
"4": {"type": "long"}
}
},
// ...
}
}
}]
When searching for a company that provides a Product (ID 1) - a search of 91 and 95 which would return Company A because those IDs are within the same set. But if I was to search 95 and 76, it would not return Company A - while the company does do both of these products, they are not in the same set. These same rules would apply when searching Processes and Materials or a combination of these.
I am looking for confirmation that the current document/mapping structure will facilitate this type of search.
If so, given 3 arrays of IDs (Products, Processes and Materials), what is the JSON to find all companies that provide these services within the same set?
If not, how should the document/mapping be changed to allow this search?
Thank you for your help.
It is a bad idea to have an ID, which is really a value, as a field name itself, as that could lead to the creation of very many inverted indexes (remember that in Elasticsearch an inverted index is created for every field), and I feel it is not reasonable to have something like that.
Instead, change your data model to something like the one below. I have also included sample documents, the possible queries you can apply and how the response can appear.
Note that, just for the sake of simplicity, I'm focussing only on the services field that you have mentioned in your mapping.
Mapping:
PUT my_services_index
{
"mappings": {
"properties": {
"services":{
"type": "nested", <----- Note this
"properties": {
"service_key":{
"type": "keyword" <----- Note that I have mentioned keyword here. Feel free to use text and keyword if you plan to implement partial + exact search.
},
"product_key": {
"type": "keyword"
},
"product_values": {
"type": "keyword"
},
"process_key":{
"type": "keyword"
},
"process_values":{
"type": "keyword"
},
"material_key":{
"type": "keyword"
},
"material_values":{
"type": "keyword"
}
}
}
}
}
}
Notice that I've made use of the nested datatype. I'd suggest you go through that link to understand why we need that instead of using the plain object type.
Sample Document:
POST my_services_index/_doc/1
{
"services":[
{
"service_key": "595",
"process_key": "1",
"process_values": ["95", "97", "91"],
"product_key": "3",
"product_values": ["475", "476", "471"],
"material_key": "4",
"material_values": ["644", "645", "643"]
},
{
"service_key": "596",
"process_key": "1",
"process_values": ["91", "89", "75"],
"product_key": "3",
"product_values": ["476", "476", "301"],
"material_key": "4",
"material_values": ["644", "647", "555"]
}
]
}
Notice how you can now manage your data if it ends up having multiple combinations of product_key, process_key and material_key.
The way to interpret the above document is that you have two nested documents inside a document of my_services_index.
Sample Query:
POST my_services_index/_search
{
"_source": "services.service_key",
"query": {
"bool": {
"must": [
{
"nested": { <---- Note this
"path": "services",
"query": {
"bool": {
"must": [
{
"term": {
"services.service_key": "595"
}
},
{
"term": {
"services.process_key": "1"
}
},
{
"term": {
"services.process_values": "95"
}
}
]
}
},
"inner_hits": {} <---- Note this
}
}
]
}
}
}
Note that I've made use of Nested Query.
Response:
{
"took" : 3,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 1,
"relation" : "eq"
},
"max_score" : 1.828546,
"hits" : [ <---- Note this. Which would return the original document.
{
"_index" : "my_services_index",
"_type" : "_doc",
"_id" : "1",
"_score" : 1.828546,
"_source" : {
"services" : [
{
"service_key" : "595",
"process_key" : "1",
"process_values" : [
"95",
"97",
"91"
],
"product_key" : "3",
"product_values" : [
"475",
"476",
"471"
],
"material_key" : "4",
"material_values" : [
"644",
"645",
"643"
]
},
{
"service_key" : "596",
"process_key" : "1",
"process_values" : [
"91",
"89",
"75"
],
"product_key" : "3",
"product_values" : [
"476",
"476",
"301"
],
"material_key" : "4",
"material_values" : [
"644",
"647",
"555"
]
}
]
},
"inner_hits" : { <--- Note this, which would tell you which inner document has been a hit.
"services" : {
"hits" : {
"total" : {
"value" : 1,
"relation" : "eq"
},
"max_score" : 1.828546,
"hits" : [
{
"_index" : "my_services_index",
"_type" : "_doc",
"_id" : "1",
"_nested" : {
"field" : "services",
"offset" : 0
},
"_score" : 1.828546,
"_source" : {
"service_key" : "595",
"process_key" : "1",
"process_values" : [
"95",
"97",
"91"
],
"product_key" : "3",
"product_values" : [
"475",
"476",
"471"
],
"material_key" : "4",
"material_values" : [
"644",
"645",
"643"
]
}
}
]
}
}
}
}
]
}
}
Note that I've made use of the keyword datatype. Please feel free to use whatever datatype your business requirements call for, for all the fields.
The idea I've provided is to help you understand the document model.
Hope this helps!
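The "same set" query the question asks for (three ID lists in, one query body out), built against the nested services model from the answer above, plus the same rule evaluated locally so the expected hits can be checked before anything is indexed. This is an added example, not from either poster; Company A's numbers come from the question, reshaped into the nested model, and the field names product_values / process_values / material_values follow the answer's mapping (category IDs 1, 3 and 4).

```python
import json


def wanted_terms(products, processes, materials):
    """(field, id) pairs for the three categories; at least one ID is required."""
    pairs = ([("product_values", i) for i in products]
             + [("process_values", i) for i in processes]
             + [("material_values", i) for i in materials])
    if not pairs:
        raise ValueError("at least one product, process or material ID is required")
    return [(field, str(i)) for field, i in pairs]


def same_set_query(products, processes, materials, size=10):
    """Query body: companies offering every given ID within ONE service set."""
    must = [{"term": {"services." + field: i}}
            for field, i in wanted_terms(products, processes, materials)]
    return {
        "size": size,
        "_source": ["id", "name"],
        "query": {"nested": {
            "path": "services",
            # Every term clause must hit the SAME nested object, which is what "same set"
            # means; a bool query over plain arrays would match 95 and 76 across two sets.
            "query": {"bool": {"must": must}},
            "inner_hits": {"_source": ["services.service_key"]},
        }},
    }


def offers_in_same_set(company, products, processes, materials):
    """The same rule evaluated in Python, to sanity-check expectations before indexing."""
    terms = wanted_terms(products, processes, materials)
    return any(all(i in s.get(field, []) for field, i in terms)
               for s in company["services"])


# Company A from the question, reshaped into the nested model (constructed example data).
COMPANY_A = {"id": 4485, "name": "Company A", "services": [
    {"service_key": "595", "product_values": ["95", "97", "91"],
     "process_values": ["475", "476", "471"], "material_values": ["644", "645", "683"]},
    {"service_key": "596", "product_values": ["91", "89", "76"],
     "process_values": ["476", "476", "301"], "material_values": ["644", "647", "555"]},
]}

if __name__ == "__main__":
    print(json.dumps(same_set_query([91, 95], [], []), indent=2))
```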

Passing JSON value using jq command to a new JSON file

I ran a curl command and then parsed the value ("id").
request:
curl "http://192.168.22.22/test/index/limit:1/page:1/sort:id/pag1.json" | jq -r '.[0].id'
curl response:
[
{
"id": "381",
"org_id": "9",
"date": "2018-10-10",
"info": "THIS IS TEST",
"uuid": "5bbd1b41bc",
"published": 1,
"an": "2",
"attribute_count": "4",
"orgc_id": "8",
"timestamp": "1",
"dEST": "0",
"sharing": "0",
"proposal": false,
"locked": false,
"level_id": "1",
"publish_timestamp": "0",
"disable_correlation": false,
"extends_uuid": "",
"Org": {
"id": "5",
"name": "test",
"uuid": "5b9bc"
},
"Orgc": {
"id": "1",
"name": "test",
"uuid": "5b9f93bdeac1b41bc"
},
"ETag": []
}
]
jq response:
381
Now I'm trying to get the "id" number 381, and then create a new JSON file on the disk in which I place the "id" number in the right place.
The new JSON file for example:
{
"request": {
"Event": {
"id": "381",
"task": "new"
}
}
}
Given your input, this works:
jq -r '{"request": {"Event": {"id": .[0].id, "task": "new"}}}' > file