Report based on json field cn

Hello, we are trying to create a report from a JSON log field that contains nested objects. Aggregation is not necessary, but that'd be a plus (ideally we could have a count).

JSON log sample for "cookie" field

"cookie":[{"name":"cookie1","a":11,"b":11,"c":11},{"name":"cookie2","a":22,"b":22,"c":22},{"name":"cookie3","a":3,"b":3,"c":3}]}

We want our report to look like:

cookie | a | b | c (header row)

cookie1 11 11 11

cookie2 22 22 22

cookie3 3 3 3

It'd be great if the cookie names and values could be delimited into separate columns, but even if this data were all dumped into a one-column report, that would be fine.

Is this possible?

Many thanks!

Unfortunately, Kibana's going to struggle with this format; I'm having a hard time thinking of a way. Without aggregations, reports are going to be one row per document. With aggregations, there's limited support for nested fields.

Is reformatting the data an option? If we work backwards from this format, something like below would work:

{
  "name": "cookie1",
  "a": 11,
  "b": 11,
  "c": 11
}
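Reshaping the nested record into the one-object-per-cookie format suggested above, as an added example that is not part of the original thread: each entry of the "cookie" array becomes its own flat document carrying the parent record's fields, and identical rows are counted for the report. The parent fields "@timestamp" and "request_id", the function names and the sample lines are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample records; only the shape of the "cookie" array comes from the thread.
# "@timestamp" and "request_id" are hypothetical parent fields.
SAMPLE_LOG_LINES = [
    '{"@timestamp":"2024-01-01T00:00:00Z","request_id":"r1","cookie":[{"name":"cookie1","a":11,"b":11,"c":11},{"name":"cookie2","a":22,"b":22,"c":22},{"name":"cookie3","a":3,"b":3,"c":3}]}',
    '{"@timestamp":"2024-01-01T00:00:05Z","request_id":"r2","cookie":[{"name":"cookie1","a":11,"b":11,"c":11}]}',
    '{"@timestamp":"2024-01-01T00:00:09Z","request_id":"r3"}',
    'not json at all',
]

def flatten_record(record, nested_field="cookie"):
    """Yield one flat document per nested cookie, copying the parent fields."""
    parent = {k: v for k, v in record.items() if k != nested_field}
    cookies = record.get(nested_field) or []   # a record may carry no cookies
    if isinstance(cookies, dict):              # tolerate a single object instead of a list
        cookies = [cookies]
    for entry in cookies:
        if isinstance(entry, dict) and "name" in entry:
            yield {**parent, **entry}

def flatten_lines(lines):
    """Parse JSON log lines and return the flat per-cookie documents."""
    docs = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue                           # skip malformed lines
        if isinstance(record, dict):
            docs.extend(flatten_record(record))
    return docs

def report_rows(docs, columns=("a", "b", "c")):
    """Return (name, a, b, c, count) rows in first-seen order."""
    counts = Counter((d["name"],) + tuple(d.get(c) for c in columns) for d in docs)
    return [key + (n,) for key, n in counts.items()]

if __name__ == "__main__":
    print("cookie | a | b | c | count")
    for row in report_rows(flatten_lines(SAMPLE_LOG_LINES)):
        print(" ".join(str(v) for v in row))
```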

Thank you for getting back, Jon.

We do have the flexibility to change the log format. However, we need to include information on multiple cookies in each log record. (We cannot split out the log to one cookie per record; it will be too noisy.)

How would the format you proposed look if there is more than one cookie?

Please let me know if you have any suggestions or ideas.
