
Parse Json logs with a compact json formatter

faraz
Newcomer

Hi, 
I am trying to come up with a query to parse the incoming log with compact JSON format from Serilog.

The problem I am facing is I can't use @ for the matcher name.

Sample log

{"@t":"2024-09-11T05:25:43.6670035Z","@mt":"Finished publishing product updates.","@tr":"84074a2818729843acdaa18a3650fed5"}

Query

fetch logs
| filter matchesPhrases (content,"12025657") // to get the exact logs
| parse content, "JSON:structuredLog"
| fieldsadd client_time = structuredLog[@t] // <--- Syntax Error here with the @t 

Any advice would be appreciated 

Thanks 

 

2 REPLIES

PedroSantos
Helper

Hi @faraz,

You can try using backticks as detailed here:

Similar Problem 

As a side note, your matchesPhrases function should be matchPhrase 🙂

 

 

 

fetch logs
| filter matchesPhrase(content,"12025657") // to get the exact logs
| parse content, "JSON:structuredLog"
| fieldsadd client_time = structuredLog[`@t`] // <--- Added back ticks here on @t 

 

 

 

I tested and DQL didn't complain for me, see if it works for you.

To make an error is human. To spread the error across all servers in an automated way is DevOps.

Works like a charm. 

Thanks @PedroSantos 
