topic REST input JSON event break in Getting Data In

REST input JSON event break

zubairsp — Wed, 28 Aug 2024 10:46:02 GMT

Hello,

Need an urgent help.

I am using REST API Modular input and the problem is i am not able to set the parameter for event breaking, below is the sample log.

{ "User" : [ { "record_id" : "2", "email_address" : "dsfsdf@dfdf.net", "email_address_id" : "", "email_type" : "", "email_creation_date" : "", "email_last_update_date" : "2024-08-23T05:28:43.091+00:00", "user_id" : "54216542", "username" : "Audit.Test1", "suspended" : false, "person_id" : "", "credentials_email_sent" : "", "user_guid" : "21SD6F546S2SD5F46", "user_creation_date" : "2024-08-23T05:28:42.000+00:00", "user_last_update_date" : "2024-08-23T05:28:44.000+00:00" }, { "record_id" : "3", "email_address" : "XDCFSD@dfdf.net", "email_address_id" : "", "email_type" : "", "email_creation_date" : "", "email_last_update_date" : "2024-08-28T06:42:43.736+00:00", "user_id" : "300000019394603", "username" : "Assessment.Integration", "suspended" : false, "person_id" : "", "credentials_email_sent" : "", "user_guid" : "21SD6F546S2SD5F46545SDS45S", "user_creation_date" : "2024-08-28T06:42:43.000+00:00", "user_last_update_date" : "2024-08-28T06:42:47.000+00:00" }, { "record_id" : "1", "email_address" : "dfds@dfwsfe.com", "email_address_id" : "", "email_type" : "", "email_creation_date" : "", "email_last_update_date" : "2024-08-06T13:27:34.085+00:00", "user_id" : "5612156498213", "username" : "dfsv", "suspended" : false, "person_id" : "56121564963", "credentials_email_sent" : "", "user_guid" : "D564FSD2F8WEGV216S", "user_creation_date" : "2024-08-06T13:29:00.000+00:00", "user_last_update_date" : "2024-08-06T13:29:47.224+00:00" } ]}

Re: REST input JSON event break

PaulPanther — Wed, 28 Aug 2024 11:35:28 GMT

Do you need help how to configure the props.conf or where to configure it?

Re: REST input JSON event break

zubairsp — Wed, 28 Aug 2024 11:46:25 GMT

Sorry for not being clearer, however i need help with props attributes and regex to match event break

Re: REST input JSON event break

DavidHourani — Wed, 28 Aug 2024 11:58:26 GMT

Hi Zubair,

Try something like this:

[YOUR_SOURCETYPE] SHOULD_LINEMERGE=true LINE_BREAKER=(, ) TRUNCATE=9999999 BREAK_ONLY_BEFORE={ MUST_BREAK_AFTER=} SEDCMD-cleanup-before=s/^\{ "User" : \[\s\{/{/g SEDCMD-cleanup-after-2=s/\s\[\}/}/g

It's best if you can run that on a test instance first with some sample data to see how it works for you.

Re: REST input JSON event break

zubairsp — Thu, 29 Aug 2024 13:59:52 GMT

Anyone interested,

This solution worked just fine, however i ended up using the Addon builder instead since it was clean with less efforts.

There is an option in Addon builder called "event extraction settings" here i simply used the following settings $.User

This setting will break the events and also field/value pairs.

Cheers!