I have syslogs lines like:
<333>1 2020-10-09T09:03:00 Myv2 Myv2 - - - {"_id": "authentication", "a_device": {"hostname": null, "ip": "10.10.10.10", "location": {"city": "Lviv", "country": "Ukraine", "state": "Lviv"}}, "alias": "[email protected]", "application": {"key": "XXXXXXXXXXXXX", "name": "Name"}, "auth_device": {"ip": "10.10.10.10", "location": {"city": "Lviv", "country": "Ukraine", "state": "Lviv"}, "name": "+380 00 000 000"}
I need convert the JSON part from logs to attributes, so will be "key": "value" format like:
"_id": "authentication",
"a_device_ip": "10.10.10.10",
"location_city": "Lviv"
e t c
I am using below flow with ExtractGrok module:
and options for ExtractGrok:
but with 'flowfile-content' option ExtractGrok adding extra string pattern name 'GREEDYDATA' in my json and escape characters like:
and after EvaluateJsonPath module getting incorrect JSON and returning empty results:
If I select 'flowfile-attribute' in ExtractGrok then it is working fine without extra stuff but I don't see how to send that attribute value to EvaluateJsonPath module it is working with only with flow content but not attribute value
Please help with issue or suggest alternative flow:
After your ExtractGrok processor, you could add an AttributesToJSON processor, which creates already a result JSON containing your GROK-parsed fields inside.