I have these logs:
URI: tttplitmr_78 METHOD: POST
BODY: {"s_data": {"System.ProcessorName": "Intel(R) Xeon(R) CPU E5-2690 0 @ 2.90GHz", "WIDI.AdapterModel": "", "System.Manufacturer": "Xen", "WiFi.DriverVersion": "", "WIDI.FWVersion": "", "Graphics.PCReleaseMajor": "", "WiFi.DriverProviderName": "", "OS.Version": "6.1.7601", "OS.Arch": "64", "OEM.InstallCriticalDrivers": "True", "WIDI.AppVersion": "", "Graphics.PCReleaseMinor": "", "Graphics.DriverVersion": "", "Graphics.MatchingID": "", "Graphics.HardwareID": "", "System.Vendor": "Xen", "System.ProcessorId": "1789FBFF000206D7", "OS.Locale": "en-US", "WiFi.BundleVersion": "", "Graphics.DriverProviderName": "", "WiFi.HardwareID": ""},
I want to change OS.Version: "6.1.7" to windows 8, "6.3" to windows 8.1, "6.1.42" to W7 and so on for all OS which are represented as numbers.
I have this query but the eval is not changing the fields. What am I doing wrong? (I only tried with W8)
index= foo | rex field=summary "BODY: (?<json_data>{.*)" | spath input=json_data |eval shared_data.OS.Version = case ( shared_data.OS.Version == "6.1.7", "windows 8" ) | chart count by shared_data.OS.Version | sort -count