JSON Parser
Overview
Grok parser is a filter that helps parse and structure data in JSON format. The Json parser uses the Json library to convert a field containing JSON into an actual data structure in the logs.
Configure JSON parser
To create a Grok parser configuration, follow the instructions below:
In the Processor information section , enter general information for a processor according to the instructions in Processor . In this content, you will choose Processor type as JSON Parser .
In the Parsing rule section , enter the following information:
Enter Source field : field containing logs that will need to be parsed.
Enter Target field : field will be overwritten in destination log project, normally you will not need to enter this information.
Select Skip on invalid JSON if you want to ignore parser source fields that are not properly formatted logs as JSON.
For example:
| Source log project | Destination log project | Message (field logs mà chúng tôi thực hiện parser) | Kết quả parser |
|---|---|---|---|
webserver | webserver-parse | ||
"message":"Therewasanerrorprocessingtherequest", | |||
"request_id":"1234567890","user_id":"vngcloud1"} | |||
{ "timestamp": "2023-07-23T12:34:56Z", "level": "error", "message": "There was an error processing the request", "request_id": "1234567890", "user_id": "vngcloud1" } |
Store and reuse Parsing rules
You can store a parsing rule by checking Save this rule , then entering a memorable name for the parsing rule you want to store. The mnemonic name has a minimum length of 5 characters, a maximum length of 255 characters and can only include upper and lower case letters (az, AZ), numbers (0-9), and dots (.), space ( ), underscore (_), hyphen (-), and the @ character.
After the parsing rule has been stored, in subsequent processor creations you can reuse this rule by selecting Rule presets in the Pasing rule section.
Last updated
