Extract a field from a text field

RaonyO · May 26, 2022, 9:38pm

I'm trying to extract the fields that come within the "indicator" and "agentDetectionInfo" field, could someone help me?
here's the log in json:

{
  "_index": "xxx",
  "_type": "_doc",
  "_id": "xxxxxhvfUu_M2V8K",
  "_score": 1,
  "fields": {
    "indicators": [
      "[{'category': 'Abnormalities', 'description': 'This binary contains abnormal section names which could be an indication that it was created with non-standard development tools', 'ids': [1], 'tactics': []}, {'category': 'Hiding/Stealthiness', 'description': 'The majority of sections in this PE have high entropy, a sign of obfuscation or packing', 'ids': [29], 'tactics': []}]"
    ],
    "@timestamp": [
      "2022-05-18T12:23:45.251Z"
    ],
    "agentDetectionInfo": [
      "{'accountId': 'xxxx36xx4xxx4xx3', 'accountName': 'XXX Software', 'agentDetectionState': 'full_mode'}"
    ],
}

Tomo_M · May 27, 2022, 3:33am

Hi,

You may need JSON processor of ingest pipeline to parse the string while indexing, or using Logstash or some ETL client to parse the string before indexing the documents.

Topic		Replies	Views
Extract specific string from a field in ELK Elasticsearch	2	359	January 4, 2024
Extracting a specific data from a field Logstash	6	369	May 18, 2018
How to extract string from the log and create a new field and send to elastic search index Beats filebeat	3	716	July 23, 2023
How to parse json from message field Beats filebeat	4	3227	February 8, 2024
Field Extraction/Parsing Beats filebeat	5	1373	April 8, 2019

Extract a field from a text field

Related topics