How to extract JSON field

Hi,

We are using HTTP GELF to post a nested JSON log as below, and trying to extract its fields in order to query the nested JSON log, but the customized fields cannot be displayed or used, although it looks good when I test it. Are there any steps I missed?

JSON body:

{ "short_message": "jerry test", "data": {"level": "ERROR", "details": {"message": "This is an example error message", "controller": "IndexController", "tags": ["one", "two", "three"]}}, "level": "1" }

Thanks,
-Jerry.

You will have to add a JSON extractor on the “data” field to extract the JSON in there. Alternatively, you can do the same with a pipeline rule like this:

rule "extract json from data field"
when
  has_field("data")
then
  set_fields(to_map(parse_json(to_string($message.data))));
end

Thank you @benvanstaveren, my issue is fixed now. I finally found some datatype issues in my JSON body after outputting debug information.

Regards,
-Jerry.
