There are all kinds of questions (and not too many answers) about processing nested JSON, either at the source or in search. I have some nested JSON that the spath command can extract the fields from, but the display in the Search & Reporting app is still only one JSON level deep. For example:
{ [-]
log: {"message":"looks like we got no XML document","context":{"status":400,"traceId":"aacb332c-e907-352b-9f8b-a72a55d75cd0","path":"somepath","method":"GET","account_id":1234},"level":200,"level_name":"INFO","channel":"lumen","datetime":{"date":"2018-10-17 20:49:01.839792","timezone_type":3,"timezone":"UTC"},"extra":[]}
stream: stdout
time: 2018-10-17T20:49:01.841051338Z
}
The spath command successfully extracts the fields in the "log" element, but I'd like to actually see the "log" properly formatted:
{
"channel": "lumen",
"context": {
"account_id": 1234,
"method": "GET",
"path": "somepath",
"status": 400,
...etc
"message": "looks like we got no XML document"
}
Any way to do this in a search?
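An added example, not part of the original post: a source-side normalizer in Python that unwraps JSON stored as an escaped string inside another JSON event, so the nested object is forwarded as real structure. It assumes the raw event carries "log" as a JSON-encoded string (which would explain the one-level display); the sample line is constructed from the values shown in the post, and the names `unwrap` and `normalize_line` are hypothetical.

```python
import json

# Constructed sample modelled on the event in the post: "log" is a string holding JSON.
SAMPLE = (
    r'{"log":"{\"message\":\"looks like we got no XML document\",'
    r'\"context\":{\"status\":400,\"path\":\"somepath\",\"method\":\"GET\",'
    r'\"account_id\":1234},\"level\":200,\"level_name\":\"INFO\",'
    r'\"channel\":\"lumen\",\"extra\":[]}",'
    r'"stream":"stdout","time":"2018-10-17T20:49:01.841051338Z"}'
)


def unwrap(value, depth=0, max_depth=5):
    """Recursively replace strings that hold a JSON object or array with the parsed value."""
    if depth > max_depth:
        return value  # bound the work done on untrusted log content
    if isinstance(value, dict):
        return {k: unwrap(v, depth + 1, max_depth) for k, v in value.items()}
    if isinstance(value, list):
        return [unwrap(v, depth + 1, max_depth) for v in value]
    if isinstance(value, str):
        text = value.strip()
        # Only strings that look like an object or array are candidates,
        # so values such as "1234" or "true" stay strings.
        if text[:1] in ("{", "["):
            try:
                parsed = json.loads(text)
            except (ValueError, RecursionError):
                return value  # plain text that merely starts with a brace
            return unwrap(parsed, depth + 1, max_depth)
    return value


def normalize_line(raw):
    """Parse one raw event and return it pretty-printed with nested JSON expanded."""
    return json.dumps(unwrap(json.loads(raw)), indent=2, sort_keys=True)


if __name__ == "__main__":
    print(normalize_line(SAMPLE))
```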