Hi Team,
I am sharing logline below.
"independentFailureReport": {
"failureReportEntries": [
{
"errorCode": abc,
"additionalInfo": {
"length": xyz,
"result": "XXXXXXXXXXXXXXXXXXX"
},
"execScheduleInfo": {
"enableReportTimeStamps": 0,
"numTriggerSources": ,
"executionMode": 0
},
"creationTime": {
"utcInMilliseconds": 15245
},
"failureCounter": 0
},
{
"errorCode": abc,
"additionalInfo": {
"length": xyz,
"result": "XXXXXXXXXXXXXXXXXXX"
},
"execScheduleInfo": {
"enableReportTimeStamps": 0,
"numTriggerSources": ,
"executionMode": 0
},
"creationTime": {
"utcInMilliseconds": 15258
},
"failureCounter": 0
},
{
"errorCode": abc,
"additionalInfo": {
"length": xyz,
"result": "XXXXXXXXXXXXXXXXXXX"
},
"execScheduleInfo": {
"enableReportTimeStamps": 0,
"numTriggerSources": ,
"executionMode": 0
},
"creationTime": {
"utcInMilliseconds": 15279
},
"failureCounter": 0
},
]
}
I have used below spilt option to get "result" as a separate field from above logline.
split {
field => "[independentFailureReport][failureReportEntries]"
}
because of spilt option we are getting 3 separate documents from above logline. But array consist same filed and value so i need to fetch only one value instead of getting 3 separate documents. Could you please guide me on this?
You can use a field reference to extract a value from the first hash in an array. For example
input { generator { count => 1 lines => [ '{ "a": [ { "x": 1 }, { "y": 2 } ] }' ] codec => json } }
output { stdout { codec => rubydebug { metadata => false } } }
filter { mutate { add_field => { "foo" => "%{[a][0][x]}" } } }
will produce
"foo" => "1",
"a" => [
[0] {
"x" => 1
},
[1] {
"y" => 2
}
],
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.