I have the following event:
{ [-]
ident: vcap.cloud_controller_ng
message: {"timestamp":1489461920.4637804,"message":"(0.000343s) SELECT * FROM `spaces` WHERE `id` = 479","log_level":"info","source":"cc.db","data":{"request_guid":"27de1815-57c0-41a5-63e1-614c44dfcac7::ef9ddb89-8aaf-46da-8843-902a91f95b44"},"thread_id":47430748867200,"fiber_id":47430746457820,"process_id":5696,"file":"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/2.3.0/gems/sequel-4.29.0/lib/sequel/database/logging.rb","lineno":70,"method":"block in log_each"}
orig_host: 10.72.134.207
pid: job=api_z2 index=1
pri: 14
}
I need to use the ident field as the source type, get the timestamp out of the message line and set host as org_host field. I would also like to parse out the message field and make it kv pairs in son format. I have tried numerous things to no avail. How would you all approach this?
Any help is much appreciated!
↧