Hello, can someone please help me in extracting nested JSON fields without regex?

I have tried the below:
1. Updating KV_mode =json in the search head TA props.conf
2. Updating indexed_extractions=JSON in the search head TA props.conf
3. Updating the limits.conf with the spath stanza for the HF TA
   [spath]
   extraction_cutoff = 10000
4. Tried the mvexpand command also.

Nothing worked.

My raw logs look like this:

event": "{\"eventVersion\":\"1.08\",\"userIdentity\":{\"type\":\"AssumedRole\",\"principalId\":\"AROAXYKJUXCU7M4FXD7ZZ:redlock\",\"arn\":\"arn:aws:sts::533267265705:assumed-role/PrismaCloudRole-804603675133320192/redlock\",\"accountId\":\"533267265705\",\"accessKeyId\":\"ASIAXYKJUXCUSTP25SUE\",\"sessionContext\":{\"sessionIssuer\":{\"type\":\"Role\",\"principalId\":\"AROAXYKJUXCU7M4FXD7ZZ\",\"arn\":\"arn:aws:iam::533267265705:role/PrismaCloudRole-804603675133320192\",\"accountId\":\"533267265705\",\"userName\":\"PrismaCloudRole-804603675133320192\"},\"webIdFederationData\":{},\"attributes\":{\"creationDate\":\"2024-05-03T00:53:45Z\",\"mfaAuthenticated\":\"false\"}}},\"eventTime\":\"2024-05-03T04:09:07Z\",\"eventSource\":\"autoscaling.amazonaws.com\",\"eventName\":\"DescribeScalingPolicies\",\"awsRegion\":\"us-west-2\",\"sourceIPAddress\":\"13.52.105.217\",\"userAgent\":\"Vert.x-WebClient/4.4.6\",\"requestParameters\":{\"maxResults\":10,\"serviceNamespace\":\"cassandra\"},\"responseElements\":null,\"additionalEventData\":{\"service\":\"application-autoscaling\"},\"requestID\":\"ef12925d-0e9a-4913-8da5-1022cfd15964\",\"eventID\":\"a1799eeb-1323-46b6-a964-efd9b2c30a8a\",\"readOnly\":true,\"eventType\":\"AwsApiCall\",\"managementEvent\":true,\"recipientAccountId\":\"533267265705\",\"eventCategory\":\"Management\",\"tlsDetails\":{\"tlsVersion\":\"TLSv1.3\",\"cipherSuite\":\"TLS_AES_128_GCM_SHA256\",\"clientProvidedHostHeader\":\"application-autoscaling.us-west-2.amazonaws.com\"}}"}