11 Sep 2024 01:43 PM
Hi,
I am trying to come up with a query to parse the incoming log with compact json format from Serilog
The problem I am facing is I cant use @ for the matcher name.
Sample log
{"@t":"2024-09-11T05:25:43.6670035Z","@mt":"Finished publishing product updates.","@tr":"84074a2818729843acdaa18a3650fed5"}
Query
fetch logs
| filter matchesPhrases (content,"12025657") // to get the exact logs
| parse content, "JSON:structuredLog"
| fieldsadd client_time = structuredLog[@t] // <--- Syntax Error here with the @t
Any advice would be appreciated
Thanks
Solved! Go to Solution.
11 Sep 2024 04:24 PM - edited 11 Sep 2024 04:26 PM
Hi @faraz,
You can try using back ticks as detailed here:
As a side note, your matchesPhrases function should be matchPhrase 🙂
fetch logs
| filter matchesPhrase(content,"12025657") // to get the exact logs
| parse content, "JSON:structuredLog"
| fieldsadd client_time = structuredLog[`@t`] // <--- Added back ticks here on @t
I tested and DQL didn't complain for me, see if it works for you.
12 Sep 2024 12:29 AM
Works like a charm.
Thanks @PedroSantos