extract specific data from numpy ndarray

I think you need first convert string reperesentation of dicts to dictionaries in each row by json.loads or ast.literal_eval in column payload, then create new DataFrame by constructor, filter columns by subset, and if necessary add original columns by concat:

d = {'_id__$oid': ['542f8', '542f8', '542f8'], 'channel': ['snort_alert', 'snort_alert', 'snort_alert'], 'payload': ['{"destination_ip":"172.31.14.66","date": "2014-10-19T01:32:36.669861","classification":"Potentially Bad Traffic","proto":"UDP","source_ip":"172.31.0.2","priority":"2","header":"1:2003195:5","signature":"ET POLICY Unusual number of DNS No Such Name Responses ","source_port":"53","destination_port":"34638","sensor":"5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e"}', '{"destination_ip":"172.31.14.66","date": "2014-10-19T01:32:36.669861","classification":"Potentially Bad Traffic","proto":"UDP","source_ip":"172.31.0.2","priority":"2","header":"1:2003195:5","signature":"ET POLICY Unusual number of DNS No Such Name Responses ","source_port":"53","destination_port":"34638","sensor":"5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e"}', '{"destination_ip":"172.31.14.66","date": "2014-10-19T01:32:36.669861","classification":"Potentially Bad Traffic","proto":"UDP","source_ip":"172.31.0.2","priority":"2","header":"1:2003195:5","signature":"ET POLICY Unusual number of DNS No Such Name Responses ","source_port":"53","destination_port":"34638","sensor":"5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e"}']}
reqcols=['_id__$oid','payload','channel']
df = pd.DataFrame(d)
print (df)
  _id__$oid      channel                                            payload
0     542f8  snort_alert  {"destination_ip":"172.31.14.66","date": "2014...
1     542f8  snort_alert  {"destination_ip":"172.31.14.66","date": "2014...
2     542f8  snort_alert  {"destination_ip":"172.31.14.66","date": "2014...

import json
import ast
df.payload = df.payload.apply(json.loads)
#another slowier solution
#df.payload = df.payload.apply(ast.literal_eval)

required = ["destination_ip", "proto", "source_ip", "date", "sensor"]
df1 = pd.DataFrame(df.payload.values.tolist())[required]
print (df1)
  destination_ip proto   source_ip                        date  \
0   172.31.14.66   UDP  172.31.0.2  2014-10-19T01:32:36.669861   
1   172.31.14.66   UDP  172.31.0.2  2014-10-19T01:32:36.669861   
2   172.31.14.66   UDP  172.31.0.2  2014-10-19T01:32:36.669861   

                                 sensor  
0  5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e  
1  5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e  
2  5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e  

df2 = pd.concat([df[['_id__$oid','channel']], df1], axis=1)
print (df2)
  _id__$oid      channel destination_ip proto   source_ip  \
0     542f8  snort_alert   172.31.14.66   UDP  172.31.0.2   
1     542f8  snort_alert   172.31.14.66   UDP  172.31.0.2   
2     542f8  snort_alert   172.31.14.66   UDP  172.31.0.2   

                         date                                sensor  
0  2014-10-19T01:32:36.669861  5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e  
1  2014-10-19T01:32:36.669861  5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e  
2  2014-10-19T01:32:36.669861  5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e  

Timings:

#[30000 rows x 3 columns]
df = pd.concat([df]*10000).reset_index(drop=True)
print (df)

In [38]: %timeit pd.DataFrame(df.payload.apply(json.loads).values.tolist())[required]
1 loop, best of 3: 379 ms per loop

In [39]: %timeit pd.read_json('[{}]'.format(df.payload.str.cat(sep=',')))[required]
1 loop, best of 3: 528 ms per loop

In [40]: %timeit pd.DataFrame(df.payload.apply(ast.literal_eval).values.tolist())[required]
1 loop, best of 3: 1.98 s per loop