are we able to pick up everything between an open ...

Kisame27 · ‎11-17-2021

there is raw data : [{}]

parameters="[{"Name":"request","Type":"WithdrawalRequestedRequest","Value":{"BrandName":"Bumer","TransactionReference":"111403471","CustomerId":"00e9bc22-96ac-412f-90aa-a240dc03daf9","PaymentDetails":{"Created":"2021-11-18T06:56:54.377Z","Changed":"2021-11-18T06:56:54.393Z","Amount":25.0000,"Fee":0.2500,"CurrencyCode":"GEL","BaseAmount":7.0200,"BaseFee":0.0700,"BaseCurrencyCode":"EUR","PaymentMethodName":"BOG","PublicPaymentId":"t8185jta7fEBBOG","PaymentReference":"bf28bf9e-5caa-4faa-ba4f-c1422080f83e","ExternalData":null,"AdditionalParameters":null}}]"

are we able to pick up everything between an open [{ and a close }]

the main Fields which I need mostly are: Amount , Base Amount are you able to help me Please

Kisame27 · ‎11-18-2021

thank you very much , have a good day

ITWhisperer · ‎11-18-2021

| rex "\"\[\{(?<parameters>.*?)\}\]\""

Is this supposed to be JSON as the curly braces are mismatched?

scelikok · ‎11-18-2021

Hi @Kisame27 ,

The easiest way is removing [ and ] characters and using spath to extract all fields. Please try below;

| eval parameters=replace(replace(parameters,"\[",""),"\]","") 
| spath input=parameters

If this reply helps you an upvote is appreciated.

are we able to pick up everything between an open [{ and a close }]

rex

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash