Hi , I have json having same structure as the below . How should I parse it?I tried split filter but its not working .
[
Are you able to parse the JSON? What does your filter configuration look like? What results do you want?
I wanted to access the inner most fields .
Badger
May 17, 2021, 10:33pm
5
Please do not PM people you do not know.
If you configure
json { source => "message" remove_field => [ "message" ] }
split { field => "partyacct" }
split { field => "[partyacct][accounting]" }
split { field => "[partyacct][sales]" }
mutate {
rename => {
"[partyacct][accounting][firstName]" => "acctppl_firstname"
"[partyacct][accounting][lastName]" => "acctppl_lastname"
"[partyacct][accounting][age]" => "acctppl_age"
"[partyacct][sales][firstName]" => "salesppl_firstname"
"[partyacct][sales][lastName]" => "salesppl_lastname"
"[partyacct][sales][age]" => "salesppl_age"
}
remove_field => [ "partyacct" ]
}
then you will get 8 records like
"acctppl_firstname" => "b36Mary",
"acctppl_lastname" => "Smith",
"salesppl_age" => 41,
"salesppl_firstname" => "b36Jim",
"acctppl_age" => 36,
"salesppl_lastname" => "Galley"
1 Like
Thank You so much for your help and I tried to run the same but I got truncated error like below. Is it possible that my index space is full or any other issue ?
"firstName""[truncated 253 bytes]; line: 1, column: 1])
This is resolved . Thank you very much.
system
June 16, 2021, 2:07pm
10
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.