gsmith
January 14, 2022, 2:09am
2
Hello @jimbo && Welcome
I’m looking into this but I have a couple questions.
But then you stated this…
I’m assuming on your JSON path HTTP API input you create a JSON extractor then you had to create other extractors to parse your field called “processGroupStatus_aggregateSnapshot_connectionStatusSnapshots”
How did you configure that JSON extractor? that’s one long field. To be honest that looks like two fields put together.
Some information I dug up , perhaps it will help.
Hi.
Graylog 3.0.2+1686930
I’m trying to parse json fields in pipeline rule. In stage 0 I’m parsing “message” field, creating “Properties” field from it and parsing “Properties”:
when
has_field("Properties") &&
contains(to_string($message.message), "data", true)
then
let msg = parse_json(to_string($message.message));
let prop = select_jsonpath(msg, {Properties: "$.Properties"});
set_field("Properties", to_string(prop.Properties));
let props = parse_json(to_string($…
Hello everyone,
due to some extractor restrictions, I’m using pipelines to push log inputs from the Beats-Plugin into Graylog. The logs to be processed may contain a JSON object containing further informations like stacktraces, invoked methods and other informations. As those informations are optional for the logger, there are no defined keys for the JSON object to be defined. From this perspective, JSON data should be handled as arbitrary key-value data to be processed inside the pipeline.
Cu…
Graylog2:master ← Graylog2:set_fields_json
opened 02:23PM - 28 Nov 17 UTC
Sometimes users might want to parse and merge the JSON payload of a message
wit… h the Graylog message without knowing the complete structure of the payload
or without having a fixed structure which could be selectively merged by using
the `json_path()` method.
This commit essentially adds the possiblity to create a pipeline rule emulating
the existing JSON extractor:
rule "json"
when
// some condition
then
let json = parse_json(to_string($message.some_field));
set_fields(json);
end
Refs: https://community.graylog.org/t/parse-unknown-json-with-pipelines/3293/7
