Solved: Re: Parsing log content JSON

susmita_k · ‎29 Jan 2025

I am trying to parse this log content and get the data from the JSON. I need event type, and event_timestamp. Can anyone help with the DQL? Thanks in advance.

2025-01-29 09:37:46,297 app-name [main] DEBUG .util.MessageUtility - Message: {"event_id": "a", "event_source": b, "event_type": "1", "event_taxonomy": "CASE", "event_correlationId": "b967e031", "event_timestamp": 12345678, "event_message": {"agreement_number": "123", "case_type": "A", "previous_status": "000", "new_status": "", "case_id": "123", "schedule_number": null, "additional_info": null}}

gbaudart · ‎29 Jan 2025

Hi @susmita_k ,

you can try this (after your fetch and yours filters) :

| parse content, "LD 'Message: 'JSON:json"
| fieldsFlatten json, fields:{event_type,event_timestamp}

Let me know if it works.

Dynatrace Partner - Professional Certified - DynaMight

susmita_k · ‎29 Jan 2025

yes, it worked, at the same time I am trying to get the log timestamp in EST time, by using below DQL, however, not able to get the result, did I miss anything ?

|PARSE content ,"TIMESTAMP('yyyy-MM-dd HH:mm:ss,SSS'):timestamp_parsed"
|fieldsAdd log_timestamp == formatTimestamp(timestamp_parsed,format:"yyyy-MM-dd HH:mm:ss,SSS", timezone:"US/Eastern")

gbaudart · ‎29 Jan 2025

Try with only one "="

| FieldsAdd log_timestamp = formatTimestamp(timestamp_parsed,format:"yyyy-MM-dd HH:mm:ss,SSS", timezone:"US/Eastern")

Dynatrace Partner - Professional Certified - DynaMight

susmita_k · ‎29 Jan 2025

Thanks so much 🙂