{
cid: abcde
d: 1211
environment: nonProd
log: request
messageBody:
}
This should be a straight forward regular expression extract. Some of the formatting of your JSON looks strange though, with strange characters in it like where the "∂" where I think you expected "partnerEBID" to be. I also don't see a branchCode but I do see a brandCode. I'm not a JSON expert but that value for the brandCode doesn't look like valid JSON to me. If the value is supposed to be an empty string, it should be 2 sets of double quotes, not just 1. Anyway, with the data provided, I created a very simple regular expression. I'm sure there are better ways to write it but this is the easiest thing that works. I think you can extrapolate from here to extract more fields with this expression.
| rex field=_raw "businessId=(?P<businessId>\d+).*EBID=(?P<partnerEBID>\d+)"
This should be a straight forward regular expression extract. Some of the formatting of your JSON looks strange though, with strange characters in it like where the "∂" where I think you expected "partnerEBID" to be. I also don't see a branchCode but I do see a brandCode. I'm not a JSON expert but that value for the brandCode doesn't look like valid JSON to me. If the value is supposed to be an empty string, it should be 2 sets of double quotes, not just 1. Anyway, with the data provided, I created a very simple regular expression. I'm sure there are better ways to write it but this is the easiest thing that works. I think you can extrapolate from here to extract more fields with this expression.
| rex field=_raw "businessId=(?P<businessId>\d+).*EBID=(?P<partnerEBID>\d+)"
Great, thanks a bunch. It works like a charm.