How to extract the list elements and group them into a table

akarunkumar321 — Mon, 19 Oct 2020 05:51:12 GMT

Hi I was been trying hard to extract the following data into a table with the column names failedTestCases(failedScenarios), nameOfTheTestScenario(name), passedTestCases(passedScenarios). And wanted to have a column with successPercent and FailurePercent for each of the test scenario.

Example Data:

{
e2eresult: {
features: [
{
failedScenarios: 0
name: TPAS Activation scenario with Port In[mocked]
passedScenarios: 2
},
{
failedScenarios: 0
name: TPAS Activation scenario[mocked]
passedScenarios: 4
},
{
failedScenarios: 0
name: TPAS Add A Line scenario[mocked]
passedScenarios: 6
},
{},
{}
]
project: test - automation
status: Passed
}
}

Here is what I have done something,

index=duck source=/var/log/containers/**.log | search "e2eresult" | eval _raw="{\"e2eresult\": [{\"features\":[{\"failedScenarios\":\"0\",\"name\":\"TPAS Activation scenario with Port In [mocked]\",\"passedScenarios\":2},{\"failedScenarios\":\"0\",\"name\":\"TPAS Activation scenario [mocked]\",\"passedScenarios\":4}]}]}" | eval all_fields=mvzip('e2eresult.features{}.failedScenarios', 'e2eresult.features{}.name', 'e2eresult.features{}.passedScenarios', ",") | fields all_fields | mvexpand all_fields
| makemv delim="," all_fields
| eval failedTestCases=mvindex(all_fields, 0)
| eval nameOfTheTestScenario=mvindex(all_fields, 1) | eval passedTestCases=mvindex(all_fields, 2)
| table failedTestCases, nameOfTheTestScenario, passedTestCases

Re: How to extract the list elements and group them into a table

ITWhisperer — Mon, 19 Oct 2020 07:05:56 GMT

Seems like you are almost there - the search can be added to first part, since that is already a search; not sure why you are overwriting _raw; you can use spath to extract the fields from json; and, you can use mvzip within mvzip (the delimiter defaults to "," anyway):

index=duck source=/var/log/containers/**.log "e2eresult" | spath | eval all_fields=mvzip('e2eresult.features{}.failedScenarios',mvzip('e2eresult.features{}.name','e2eresult.features{}.passedScenarios')) | mvexpand all_fields | makemv delim="," all_fields | eval failedTestCases=mvindex(all_fields, 0) | eval nameOfTheTestScenario=mvindex(all_fields, 1) | eval passedTestCases=mvindex(all_fields, 2) | table failedTestCases, nameOfTheTestScenario, passedTestCases

topic Re: How to extract the list elements and group them into a table in Getting Data In

How to extract the list elements and group them into a table

Re: How to extract the list elements and group them into a table