Can you please tell us how to extract an individual events from json array during the indexing,
Sample input:
{
"Value": [
{
"date": "2016-06-10",
"applicationId": "app1",
"applicationName": "T NOW",
"deviceType": "PC",
"orderName": "",
"storeClient": "Windows Store (client)",
"osVersion": "Windows 10",
"market": "US",
"gender": "Unknown",
"ageGroup": "35-49",
"acquisitionType": "Free",
"acquisitionQuantity": 1
},
{
"date": "2016-06-09",
"applicationId": "app1",
"applicationName": "T NOW",
"deviceType": "PC",
"orderName": "",
"storeClient": "Store (client)",
"osVersion": "Windows 8.1",
"market": "US",
"gender": "Unknown",
"ageGroup": "Unknown",
"acquisitionType": "Free",
"acquisitionQuantity": 5
}]
}
We have tried source settings like below in props.conf and seems it is not splitting the events correctly. Can you please provide the correct properties to break events for each values in the json array and assign the date field value as the event's timestamp?
[mobile_win_json]
INDEXED_EXTRACTIONS = json
KV_MODE = json
NO_BINARY_CHECK = true
BREAK_ONLY_BEFORE = ^{
SHOULD_LINEMERGE = false
TIMESTAMP_FIELDS = date
TIME_FORMAT = %Y-%m-%d
TRUNCATE = 0
category = Custom
description = json filed extraction from array of value
disabled = false
pulldown_type = true
↧