If the field is a mix of JSON and some other type, is it possible to parse the field at index time or search time without using spath?
My data is somewhat of a mix of JSON and another format. How should I parse it without using the spath command (I mean parsing at index time or search time), so that I can alias the key-value pairs in JSON format and the ones in another format?
Below is my raw log pattern:
ssoId:023serwerwef32, RBA Request :
key=value&key=value&&key=value&key=value&key=value&key=value&key=value&key=value&key=value&key=value&key=value&key=value&key=value&key=value&key=value
,RBA Response :
{"key":value","key":value","key":value","key":value","key":value","key":value","key":value","key":value".........}
Note: The value of the above RBA Response is multiple nested JSON of varying sizes in different logs.