Increament the nested Json in date field

Vignesh_Kumar · October 12, 2017, 10:16am

Have the below field in date field which need to be incremented for length of json,

match => ["[Capture][0][TimeStamp]", "yyyyMMddHHmmss"]

In this [0] has to increamented. please help

magnusbaeck · October 12, 2017, 11:03am

It's very hard to understand what you're asking. Please given an example of what your event currently looks like (use a stdout { codec => rubydebug } output) and what you want it to look like instead.

Vignesh_Kumar · October 12, 2017, 12:24pm

The input Json is as below,
{
"Properties": {
"Client Name": "Chubb",
"Portfolio": "Chubb-Transfer",
"ProcessName": "TransferScenario0926"
},
"Capture": [
{
"CaptureGUID": "0faf6b54-999f-4bfd-b8d0-e81a589f9185",
"HTMLPath": "Captures\C:\",
"ScreenName": "Microsoft Excel - 1.0.1 1.0.6 1.0.8 Match 3.0.6 Hit NAIC Optimized.xlsx",
"TimeStamp": "20170926105419"
},
{
"CaptureGUID": "0faf6b54-999f-4bfd-b8d0-e81a589f9186",
"HTMLPath": "Captures\C:\",
"ScreenName": "Microsoft Excel - 1.0.1 1.0.6 1.0.8 Match 3.0.6 Hit NAIC Optimized.xlsx",
"TimeStamp": "20170926105420"
},
{
"CaptureGUID": "0faf6b54-999f-4bfd-b8d0-e81a589f9187",
"HTMLPath": "Captures\C:\",
"ScreenName": "Microsoft Excel - 1.0.1 1.0.6 1.0.8 Match 3.0.6 Hit NAIC Optimized.xlsx",
"TimeStamp": "20170926105421"
}
]
}
Wherein i want covert the TimeStamp to date field which i tried using
match => ["[Capture][0][TimeStamp]", "yyyyMMddHHmmss"]. which is converting the first [0] object only.
I want an output as below,
{
"Properties": {
"Client Name": "Chubb",
"Portfolio": "Chubb-Transfer",
"ProcessName": "TransferScenario0926",
},
"Capture": [
[0]{
"CaptureGUID": "0faf6b54-999f-4bfd-b8d0-e81a589f9185",
"HTMLPath": "Captures\C:\",
"ScreenName": "Microsoft Excel - 1.0.1 1.0.6 1.0.8 Match 3.0.6 Hit NAIC Optimized.xlsx",
"TimeStamp": "20170926105419",
"StartTime" => 2017-09-26T10:54:19.000Z
},
[1] {
"CaptureGUID": "0faf6b54-999f-4bfd-b8d0-e81a589f9186",
"HTMLPath": "Captures\C:\",
"ScreenName": "Microsoft Excel - 1.0.1 1.0.6 1.0.8 Match 3.0.6 Hit NAIC Optimized.xlsx",
"TimeStamp": "20170926105420",
"StartTime" => 2017-09-26T10:54:20.000Z
},
[2]{
"CaptureGUID": "0faf6b54-999f-4bfd-b8d0-e81a589f9187",
"HTMLPath": "Captures\C:\",
"ScreenName": "Microsoft Excel - 1.0.1 1.0.6 1.0.8 Match 3.0.6 Hit NAIC Optimized.xlsx",
"TimeStamp": "20170926105421",
"StartTime" => 2017-09-26T10:54:21.000Z
}
]
}

magnusbaeck · October 12, 2017, 12:45pm

I'm assuming the number of elements in the Capture array isn't know, in which case you'll have to use a ruby filter to loop over the elements and parse the TimeStamp field in each.

Do you really want Capture to continue being an array in a single document? Are you sure you don't want to extract each element into its own document?

Vignesh_Kumar · October 12, 2017, 1:05pm

Thank you and this is example i have give i have three date format like in my json and files are more large size with many json objects. if i can solve this date handling it will be a great help

system · November 9, 2017, 1:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.