Hi,
service.action.portProbeAction.portProbeDetails {
"localPortDetails": {
"portName": "HTTPS",
"port": 443
},
"remoteIpDetails": {
"organization": {
"org": " ",
"asnOrg": " ",
"asn": "49505",
"isp": " "
},
"city": {
"cityName": ""
},
"country": {
"countryName": "us"
},
"geoLocation": {
"lat": 20.7386,
"lon": -56.6068
},
"ipAddressV4": "76.98.213,56"
}
},
{
"localPortDetails": {
"portName": "HTTP",
"port": 80
},
"remoteIpDetails": {
"organization": {
"org": " ",
"asnOrg": " ",
"asn": "49505",
"isp": " "
},
"city": {
"cityName": ""
},
"country": {
"countryName": "Russia"
},
"geoLocation": {
"lat": 21.7386,
"lon": 8.6068
},
"ipAddressV4": 76.98.213.56"
expected output fileds service.action.portProbeAction.portProbeDetailsremoteipDetails.city.contryname_1: US
Badger
June 30, 2020, 8:11pm
2
That is not valid JSON. Is service.action.portProbeAction.portProbeDetails an array?
yes,I have posted only nested field not entire json data.
Badger
June 30, 2020, 8:42pm
4
It is not quite what you asked for, but should give you something to work with
ruby {
code => '
def flattenObject(object, name, event)
if object
if object.kind_of?(Hash) and object != {}
object.each { |k, v| flattenObject(v, "#{name}.#{k}", event) }
elsif object.kind_of?(Array) and object != []
object.each_index { |i|
flattenObject(object[i], name + "_#{i}", event)
}
else
event.set(name, object)
end
end
end
fieldName = "service.action.portProbeAction.portProbeDetails"
o = event.get(fieldName)
if o
flattenObject(o, fieldName, event)
end
event.remove(fieldName)
'
}
will produce
"service.action.portProbeAction.portProbeDetails_0.remoteIpDetails.organization.asnOrg" => " ",
"service.action.portProbeAction.portProbeDetails_0.remoteIpDetails.geoLocation.lat" => 20.7386,
"service.action.portProbeAction.portProbeDetails_1.remoteIpDetails.country.countryName" => "Russia",
"service.action.portProbeAction.portProbeDetails_1.remoteIpDetails.organization.org" => " ",
"service.action.portProbeAction.portProbeDetails_0.localPortDetails.portName" => "HTTPS",
"service.action.portProbeAction.portProbeDetails_0.remoteIpDetails.organization.isp" => " ",
"service.action.portProbeAction.portProbeDetails_0.remoteIpDetails.country.countryName" => "us",
"service.action.portProbeAction.portProbeDetails_1.remoteIpDetails.geoLocation.lon" => 8.6068,
"service.action.portProbeAction.portProbeDetails_0.remoteIpDetails.geoLocation.lon" => -56.6068,
"service.action.portProbeAction.portProbeDetails_0.remoteIpDetails.city.cityName" => "",
"service.action.portProbeAction.portProbeDetails_1.remoteIpDetails.organization.isp" => " ",
"service.action.portProbeAction.portProbeDetails_0.remoteIpDetails.organization.org" => " ",
"service.action.portProbeAction.portProbeDetails_1.remoteIpDetails.organization.asnOrg" => " ",
"service.action.portProbeAction.portProbeDetails_1.localPortDetails.portName" => "HTTP",
"service.action.portProbeAction.portProbeDetails_1.remoteIpDetails.geoLocation.lat" => 21.7386,
"service.action.portProbeAction.portProbeDetails_1.remoteIpDetails.city.cityName" => "",
"service.action.portProbeAction.portProbeDetails_0.remoteIpDetails.organization.asn" => "49505",
"service.action.portProbeAction.portProbeDetails_1.remoteIpDetails.ipAddressV4" => "76.98.213.56",
"service.action.portProbeAction.portProbeDetails_1.localPortDetails.port" => 80,
"service.action.portProbeAction.portProbeDetails_1.remoteIpDetails.organization.asn" => "49505",
"service.action.portProbeAction.portProbeDetails_0.remoteIpDetails.ipAddressV4" => "76.98.213.56",
"service.action.portProbeAction.portProbeDetails_0.localPortDetails.port" => 443,
ThaKyou.
Badger
June 30, 2020, 9:12pm
6
I realize that. Feel free to modify the code to get that.
While running ruby code , I am not getting same output what I posted. There is no change in the output.
Please help out for this code. I am not getting output what I expected.
I have tried with the ruby code in logstash but not worked for me.Please help me.
system
July 31, 2020, 4:18pm
10
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.