02 Sep 2022 09:12 AM - last edited on 05 Sep 2022 08:50 AM by MaciejNeumann
Hello the community,
I try to build a Log processing parsing rule with a flat json (here attached expanded).
I would like to extract and define columns in logs menu with the values in the "inputs" array of :
- name
- kind
-status
I tried different syntax with json array etc but nothing is working and I am puzzled.
I was able to extract some simple values with this rule and a raw "inputs" json :
PARSE(content, "JSON{ STRING:level:status, JSON{ JSON_ARRAY{}:inputs, JSON{STRING:country, STRING:job,STRING:kubernetesContext,STRING:platform}:executionContext }:message }(flat=true)")
| FIELDS_ADD(country: message["executionContext"]["country"], kind: message["kind"], input: message["inputs"])
But I'm not able to extract and forge fields within inputs array.
How do we do that ?
Thank you,
Nicolas.
11 Jan 2023 01:35 PM - edited 11 Jan 2023 01:36 PM
@NicolasT are you still having an issue extracting the data? were you able to get it sorted out?