FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Log Processing extract field from JSON array - parsing json

NicolasT
Organizer

‎02 Sep 2022 09:12 AM - last edited on ‎05 Sep 2022 08:50 AM by Community Team

Hello the community,

 

I try to build a Log processing parsing rule with a flat json (here attached expanded).

I would like to extract and define columns in logs menu with the values in the "inputs" array of :

- name

- kind

-status

 

I tried different syntax with json array etc but nothing is working and I am puzzled.

 

I was able to extract some simple values with this rule and a raw "inputs" json :

 

PARSE(content, "JSON{ STRING:level:status, JSON{ JSON_ARRAY{}:inputs, JSON{STRING:country, STRING:job,STRING:kubernetesContext,STRING:platform}:executionContext }:message }(flat=true)")
| FIELDS_ADD(country: message["executionContext"]["country"], kind: message["kind"], input: message["inputs"])

 

But I'm not able to extract and forge fields within inputs array.

How do we do that ?

 

Thank you,

Nicolas.

 

Labels:
0 Kudos
Reply
1 REPLY 1

ChadTurner
DynaMight Legend
DynaMight Legend

‎11 Jan 2023 01:35 PM - edited ‎11 Jan 2023 01:36 PM

@NicolasT are you still having an issue extracting the data? were you able to get it sorted out?

-Chad
0 Kudos
Reply
Ask a question

Featured Posts