This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
New SecOps Webinar May 14th! Learn about Gemini's generative AI within Google SecOps
Log in to ask a question

Support for top-level array JSON structured messages?

Posted on 11-01-2024 02:48 PM
epselon
New Member
Reply posted on --/--/---- --:-- AM

Hello,

We have a product that ships log messages to a file in a top level nested JSON array - example:

[{"test": "testing","hostname":"hostname1"},{"test":"testing","hostname":"hostname2"}]

We need a parser that can break out each individual event delimited by the comma to its own event.  The built-in JSON parser only recognizes JSON events individually it seems and does not recognize the top level array even though a top level array JSON is valid JSON.

Please assist or point me to a good direction.  In Logstash we can use the "split" function to assist with this.

0 1 245
Topic Labels
0 Likes
1 REPLY 1
Top Solution Authors
View all