Extract a field from a text field

RaonyO · May 26, 2022, 9:38pm

I'm trying to extract the fields that come within the "indicator" and "agentDetectionInfo" field, could someone help me?
here's the log in json:

{
  "_index": "xxx",
  "_type": "_doc",
  "_id": "xxxxxhvfUu_M2V8K",
  "_score": 1,
  "fields": {
    "indicators": [
      "[{'category': 'Abnormalities', 'description': 'This binary contains abnormal section names which could be an indication that it was created with non-standard development tools', 'ids': [1], 'tactics': []}, {'category': 'Hiding/Stealthiness', 'description': 'The majority of sections in this PE have high entropy, a sign of obfuscation or packing', 'ids': [29], 'tactics': []}]"
    ],
    "@timestamp": [
      "2022-05-18T12:23:45.251Z"
    ],
    "agentDetectionInfo": [
      "{'accountId': 'xxxx36xx4xxx4xx3', 'accountName': 'XXX Software', 'agentDetectionState': 'full_mode'}"
    ],
}

Tomo_M · May 27, 2022, 3:33am

Hi,

You may need JSON processor of ingest pipeline to parse the string while indexing, or using Logstash or some ETL client to parse the string before indexing the documents.

system · June 24, 2022, 3:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extract field's from a message field Logstash	1	208	June 22, 2021
Getting multiple fields out of agent Logstash	4	293	April 12, 2022
Extract Fields from JSON Array Logstash	11	3930	November 23, 2018
How extract specific fields from JSON input with Logstash filters? Logstash	1	1475	April 17, 2019
Possible to grok an Elasticsearch document fields? Logstash	4	428	January 12, 2017

Extract a field from a text field

Related topics