Channel: Questions in topic: "splunk-enterprise"

How to remove path from spath field names

Hello,

So I love the spath command. With just one call, it will automatically extract and make searchable each and every field from each JSON log entry. The only problem is that the spath command names each discovered field with that field's full path. This is a problem when trying to match fields across logs with different structures. For example, calling spath on the two log entries below will produce two different fields called "Request.Header.MessageID" and "Response.Header.MessageID":

{"Request": {"Header": {"MessageID":1234}}}
{"Response": {"Header": {"MessageID":1234}}}

I actually am not going to know the exact message path or structure ahead of time. It could be Request.Header.MessageID, Request.MessageID, or even Request.Body.MessageID. I'm looking for something that will just recognize that all of the fields that end with "MessageID" are referring to the same thing. Is there a way I can do that? Does anyone know how I can remove the full path from the spath field names?
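One way to collapse every path that ends in MessageID into a single field, as an added example that is not part of the original post. The makeresults lines only construct the two sample events from the question, and `n` is a hypothetical row counter.

```spl
| makeresults count=2
| streamstats count AS n
``` constructed sample events: the two JSON entries quoted in the question ```
| eval _raw=if(n=1, "{\"Request\": {\"Header\": {\"MessageID\":1234}}}", "{\"Response\": {\"Header\": {\"MessageID\":1234}}}")
``` spath names each field by its full path: Request.Header.MessageID, Response.Header.MessageID ```
| spath
``` for every field whose name ends in .MessageID, copy its value into one path-free field ```
| foreach *.MessageID [ eval MessageID=coalesce(MessageID, '<<FIELD>>') ]
| table n MessageID
```

If an event carries more than one field ending in `.MessageID`, coalesce keeps the first non-null value it encounters, so the remaining values are not merged into `MessageID`.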
