JSON Processor to parse logs data into doc objects

Hi Team,

We have below doc data in JSON format

{
"_index": "jaeger-span-2020-05-29",
"_type": "_doc",
"_id": "QDuvYHIBiNzxbOQnW-IN",
"_version": 1,
"_score": 0,
"_source": {
"traceID": "1a9a6917049eff71",
"spanID": "8c48cf3e6be61c25",
"operationName": "/searchRIBCustomerInMDM | request/response",
"references": [
{
"refType": "CHILD_OF",
"traceID": "1a9a6917049eff71",
"spanID": "e371c222c135043d"
}
],
"startTime": 1590759983510217,
"startTimeMillis": 1590759983510,
"duration": 18686455,
"tags": ,
"tag": {
"internal@span@format": "jaeger"
},
"logs": [
{
"timestamp": 1590759983510221,
"fields": [
{
"key": "request",
"type": "string",
"value": "{"SearchRIBCustomerInMDMRequest":{"msgHdr":{"frm":{"id":""},"hdrFlds":{"cnvId":"cf1873ac-e4f3-44a4-992c-cb3224b48914","msgId":"19bbcfe6-8b88-4b07-8aac-fa4c7e8307b1","extRefId":"e9923fbb-36f6-489a-a659-5598bbf14d38","bizObjId":"a643a94f-cf65-4c75-9df0-7c2aab3487e0","appId":"RIB","timestamp":"2020-05-29T13:46:23.510142144Z"}},"msgBdy":{"ucic":"1000120569"}}}"
},
{
"key": "description",
"type": "string",
"value": "172.19.36.121:10101/searchRIBCustomerInMDM"
}
]
},
{
"timestamp": 1590760002196668,
"fields": [
{
"key": "response",
"type": "string",
"value": "{\n "SearchRIBCustomerInMDMResponse":{\n "msgHdr":{\n "rslt":"ERROR",\n "error":[\n {\n "cd":"NARR999",\n "rsn":"Technical error occured while connecting to MDMOutput data invalid",\n "srvc":{\n "nm":"MDMCustomerReporting",\n "cntxt":"MDMCustomerReporting",\n "actn":{\n "paradigm":"Reply",\n "nm":"SearchMDMCustomer",\n "vrsn":"01"\n }\n }\n }\n ]\n },\n "msgBdy":[\n null\n ]\n }\n}"
},
{
"key": "description",
"type": "string",
"value": "172.19.36.121:10101/searchRIBCustomerInMDM"
}
]
}
],
"process": {
"serviceName": "IDP-API",
"tags": ,
"tag": {
"hostname": "idp-api-84f95444db-zb5xf",
"opencensus@corelibversion": "0.23.0",
"opencensus@exporterversion": "0.0.1",
"opencensus@language": "GO_LANG",
"pid": 1,
"start@time": "2020-05-29T12:10:55.80180899Z"
}
}
},
"fields": {
"startTimeMillis": [
"2020-05-29T13:46:23.510Z"
]
}
}

we want values from "key": "response" field

1. "rslt":"ERROR"
2. "error":[\n {\n "cd":"NARR999",\n "rsn":"Technical error occured while connecting to MDMOutput data invalid"

as object in same index in realtime

we are getting these docs in default index.

Please suggest.

Hi Team,

Any update on this?

{
"_index": "testlogs",
"_type": "_doc",
"_id": "10",
"_version": 1,
"_score": 0,
"_source": {
"traceID": "1a9a6917049eff71",
"process": {
"tag": {
"hostname": "idp-api-84f95444db-zb5xf",
"opencensus@language": "GO_LANG",
"opencensus@corelibversion": "0.23.0",
"pid": 1,
"opencensus@exporterversion": "0.0.1",
"start@time": "2020-05-29T12:10:55.80180899Z"
},
"serviceName": "IDP-API",
"tags": "M"
},
"references": [
{
"traceID": "1a9a6917049eff71",
"spanID": "e371c222c135043d",
"refType": "CHILD_OF"
}
],
"startTimeMillis": 1590759983510,
"description": "",
"operationName": "/searchRIBCustomerInMDM | request/response",
"responseData": "{"SupOverRide":0,"ErrorCode":545,"ErrorMessage":"APPLICATION NOT ACTIVE."}",
"tags": "M",
"spanID": "8c48cf3e6be61c25",
"duration": 18686455,
"startTime": 1590759983510217,
"tag": {
"internal@span@format": "jaeger"
},
"requestData": "Kdffcbcgbn",
"logs": [
{
"fields": [
{
"type": "string",
"value": "Kdffcbcgbn",
"key": "request"
},
{
"type": "string",
"value": "172.19.36.121:10101/searchRIBCustomerInMDM",
"key": "description"
}
],
"timestamp": 1590759983510221
},
{
"fields": [
{
"type": "string",
"value": "{"SupOverRide":0,"ErrorCode":545,"ErrorMessage":"APPLICATION NOT ACTIVE."}",
"key": "response"
},
{
"type": "string",
"value": "172.19.36.121:10101/searchRIBCustomerInMDM",
"key": "description"
}
],
"timestamp": 1590760002196668
}
],
"descriptionData": "172.19.36.121:10101/searchRIBCustomerInMDM"
},
"fields": {
"process.tag.start@time": [
"2020-05-29T12:10:55.801Z"
]
}
}

Need to extract "ErrorCode":545,"ErrorMessage":"APPLICATION NOT ACTIVE."

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.