Re: extract json inside another json object using ...

sivaranjiniG · ‎12-14-2021

Hello

I have this below data,

{ [-]
   guessedService: ejj
   logGroup: /aws/ejj/cluster
   logStream: kube-apt-15444d2f8c4b216a9cb69ac
   message:{"kind":"Event","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/jej/endpoints/eji.com-aws-eji","verb":"update","user":{"username":"system:serviceaccount:efs:efs-provisioner","uid":"ab5d27b4c-71a4f77323b0","groups":["system:serviceaccounts","system:serviceaccounts:eji","system:authenticated"]},"sourceIPs":["10.0.0.0"],"userAgent":"eji-provisioner/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"endpoints","namespace":"edd","name":"dds.com-aws-edds","uid":"44ad8-899f-fbc1f4befb2f","apiVersion":"v1","resourceVersion":"8852157"},"responseStatus":{"metadata":{},"code":200}}

Need to extract user:{username:.....} user part alone
need to write once regex to extarct all the values inside user object..like user.username, user.uid, user.groups

ITWhisperer · ‎12-14-2021

| rex "\"user\":(?<user>[^\}]+\})"
| spath input=user

sivaranjiniG · ‎12-14-2021

Thanks for the reply, but i need to use props and transforms either index or search time extraction

extract json inside another json object using regex

other

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!