I have a JSON log that looks like this:
{
action: Get,
applicationName: abc,
controller: Main,
ip: 123.123.123.123,
logLevel: INFO,
loggerType: abcdef,
machineName: windows,
message: {"Value":{"Data":{"Items":[{"FieldType":"abc","Value":""},{"FieldType":"abcd","Value":""},{"FieldType":"123","Value":""}],"EncryptedDocKey":"123456","Domain":"Order","Partner":"India","Carrier":"Idea"},"RequestTrackerId":"7894561230","Message":"OK"},"Formatters":[],"ContentTypes":[],"DeclaredType":null,"StatusCode":null}
principalId: 22222222-2222-2222-2222-222222222222
requestMethod: POST
requestUrl: https://abc123.com/api/v1/get
responseData: {"Value":{"Data":{"Items":[{"FieldType":"abc","Value":""},{"FieldType":"123","Value":""},{"FieldType":"xyz","Value":""}],"EncryptedDocKey":"123456789","Domain":"Order","Partner":"india","Carrier":"idea"},"RequestTrackerId":"7894561230","Message":"OK"},"Formatters":[],"ContentTypes":[],"DeclaredType":null,"StatusCode":null}
time: 2019-07-10 18:35:23.3893,
traceId: 12345678963525,
userName: abc/12345
}
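All fields are indexed correctly. I am looking to extract the JSON data in the message element. I want to use spath to extract FieldType, EncryptedDocKey, Domain, Partner, Carrier and RequestTrackerId into their own fields.
Any other alternatives are also welcome. Thanks for your help.
I tried regex, but it didn't work.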
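One way to do the extraction asked about above, as an added example that is not part of the original post. It assumes the log is searched in Splunk, where spath is a search command, and that message is already an extracted field holding the JSON string. The makeresults and eval lines only build a constructed sample event from the message value in the post (trimmed after "Message":"OK") so the search runs without indexed data; against real events, replace those two lines with the base search.

```spl
| makeresults
| eval message="{\"Value\":{\"Data\":{\"Items\":[{\"FieldType\":\"abc\",\"Value\":\"\"},{\"FieldType\":\"abcd\",\"Value\":\"\"},{\"FieldType\":\"123\",\"Value\":\"\"}],\"EncryptedDocKey\":\"123456\",\"Domain\":\"Order\",\"Partner\":\"India\",\"Carrier\":\"Idea\"},\"RequestTrackerId\":\"7894561230\",\"Message\":\"OK\"}}"
| spath input=message path=Value.Data.Items{}.FieldType output=FieldType
| spath input=message path=Value.Data.EncryptedDocKey output=EncryptedDocKey
| spath input=message path=Value.Data.Domain output=Domain
| spath input=message path=Value.Data.Partner output=Partner
| spath input=message path=Value.Data.Carrier output=Carrier
| spath input=message path=Value.RequestTrackerId output=RequestTrackerId
| table FieldType EncryptedDocKey Domain Partner Carrier RequestTrackerId
```

Because Items is an array, the `Items{}` path returns FieldType as a multivalue field (abc, abcd, 123 for the sample), while the other five fields are single-valued.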