JSON fields pretty-printing

(Maxim V) #1


I would like to dump some unstructured JSON information into logs (requests / replies from REST services) and I intentionally don’t want to parse them. I did some tests with a Graylog 2.5 docker image and it everything is great, except in the interface, those fields appear as plain text strings.

Does Graylog have some pretty printing to make it possible to navigate in this kind of data? I couldn’t find anything like this in the interface. To me it just looks like an obvious thing to have, or is there anything else I’m not aware of?


(Jan Doberstein) #2

how did you ingest the data into Graylog? Did you parse the json or did you look at it as a string?

(Maxim V) #3

Hey Jan, in Graylog I tried both just a string and JSON extractor. I think the second one only extracts top level fields.

(Jan Doberstein) #4

the processing pipelines with parse_json together with the set_fields function is what you want to try …

(Maxim V) #5

Ok, I’m looking into it. What I see currently - parse_json returns a JSON Tree, which I can not put directly into the set_fields, correct? If this is correct - have to do select_jsonpath which implies knowing the structure of JSON, which I want to avoid.

Another option would be to iterate over JSON tree, but I don’t see any iteration tools in pipeline functions, are there any?

(Maxim V) #6

Ok, I found these discussions, seems like I should try Graylog 3.0

(system) closed #7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.