I want to extract only JSON data but don't know how to do it
2022-09-14 10:08:37,597 DEBUG logging.RequestLoggingAdvice Request received=[{
"Name" : "John",
"var1" : "Value1",
"var2" : "Value2",
"var3" : "Value3",
"var4" : "Value4",
"var5" : "Value5",
"var6" : "Value6",
"var7" : "Value7",
"var8" : "Value8",
"var9" : "Value9",
"address": {
"city" : "abc",
"country" : "ghj",
}
}]
I tried to use grok pattern but it does not give that result which i want.
You would need to use a multiline code on the input to consume all those lines as one event, then you could use a grok filter to pick out everything between the square brackets \[%{GREEDYDATA:someField}\], then use a json filter to parse it.
Hi @Badger thank you for replying me
\[%{GREEDYDATA}\]\:%{GREEDYDATA}%{SPACE}%{GREEDYDATA:message}%{SPACE}%{GREEDYDATA:message} this not efficient because we get more/less field in jSON
Is there any other way
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.