Hi,
How do I extract the JSON object before indexing itself? Right now I'm extracting using the below search.
This is the data:
2016-01-18 16:24:40,406 INFO [org.apache.log4j.Logger] (ajp-/10.32.20.21:8309-7)
transaction_id="123451"
action="ABC API"
desc="start of api"
result="success"
http_method="POST"
payload_json=
{
"requestId": "ABCDEqq",
"partnerId": "001",
"storeId": "001",
"subscriberId": "001",
"event": "1",
"date": "2015-10-20 12:08:56 PDT",
"uuid": "123451"
}
Here is the search:
index="xyz" sourcetype="pm" action="ABC API" | spath input=payload_json | stats count by action,event
It works fine, but is there a way to extract the JSON before indexing itself so the search is going to be:
index="xyz" sourcetype="pm" action="ABC API" | stats count by action,event
There is no spath in this command.