Hi Team,

I have two events; attaching a screenshot for reference.

1. How to retrieve the uniqObjectIds and display them in table form
2. How to retrieve the objectIds and version and display their values in different table columns

First event:

    msg: unique objectIds
    name: platform-logger
    pid: 8
    uniqObjectIds: [ [-]
      275649
      108976
    ]
    uniqObjectIdsCount: 1

Second event:

    event: { [-]
      body: { "objectType": "material", "objectIds": [ "275649" ], "version": "latest" }
      msg: request body

The query I came closest with is below, but I am still unable to get what I wanted.

Actual:

Expected: in a table, I get each object in a different row, e.g.

    |uniqueIds|
    |275649|
    |108976|

    index="" source IN ("")
    | eval PST=_time-28800
    | eval PST_TIME=strftime(PST, "%Y-%d-%m %H:%M:%S")
    | eval split_field=split(_raw, "Z\"}")
    | mvexpand split_field
    | rex field=split_field "objectIdsCount=(?<objectIdsCount>[^,]+)"
    | rex field=split_field "uniqObjectIdsCount=(?<uniqObjectIdsCount>[^,]+)"
    | rex field=split_field "recordsCount=(?<recordsCount>[^,]+)"
    | rex field=split_field "sqsSentCount=(?<sqsSentCount>[^,]+)"
    | where objectType="material"
    | table _time,PST_TIME,objectType,objectIdsCount,uniqObjectIdsCount,recordsCount,sqsSentCount
    | sort _time desc