This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Failures on processing logs

Go to solution
isi-consultor-m
Visitor

‎02 Jun 2025 10:14 PM

Hi Everyone, 

I'm trying to extract a field to convert it into a metric using processing logs. 

My log sample is:

{
"event.type": "LOG",
"content": "2025-06-02 15:17:19.015 -05:00 RegistrarProcesoTDAsync solicitado. Parámetros: {\"NumeroTarjeta\":\"4863550000xxxxxx\",\"FechaExpiracion\":\"xxxx\",\"TipoTransaccion\":\"00\",\"PaisTransaccion\":333,\"TipoComercio\":\"0000\",\"ValorDebito\":55.55,\"Descripcion\":\"SUPER CENTRO  PA\",\"CompraParcial\":\"N\",\"IdTransaccion\":\"20250FFF-03-461YYY-3634ZZZ-51532000UUUU\",\"TraceID\":\"557XXXX\",\"CodigoCanal\":13}"
}

On processor definition a put the following:
PARSE(content, "LD JSON{INT:CodigoCanal}(flat=true)")
| FIELDS_RENAME(Canal:CodigoCanal)

 

Then when run test the rule, an error message appears: "The matcher query doesn't match the provided log sample."

Can you help me by telling me what i'm missing?

Thanks in advance

 

Labels:
0 Kudos
Reply
1 REPLY 1

Go to solution
GerardJ
Mentor

‎03 Jun 2025 09:25 AM

Hi @isi-consultor-m 
This error message means that your log sample doesn't match the matching condition.
Example of a matching condition in a pipeline :

GerardJ_0-1748939090526.png

 

Gerard
Reply
Ask a question

Featured Posts