Using Datadog Parsing rule, I am trying to extract an attribute which is present inside an array.
Sample I've been work on:
{"messageHeader":{"serviceId":"aad1","requestType":"MM"},"data":{"code":"400","reason":"Bad Request","message":[{"responseCode":"E111","description":"Unable to reserve request type"}]}}
what I wanted to achieve is:
{
"description": "Unable to reserve request type",
"responseCode": "E111"
}
I tried using this method - https://stackoverflow.com/a/62096791/8552537 but in log explorer I'm not getting the result.
Following the method explained in given link. First Grok parser:-
parsing_rule1 %{data::json}
Output:
{
"data": {
"reason": "Bad Request",
"code": "400",
"message": [
{
"description": "Unable to reserve request type",
"responseCode": "E111"
}
]
},
"messageHeader": {
"requestType": "MM",
"serviceId": "aad1"
}
}
To create a custom log-based metrics, First we need to create a facet for responseCode but facet type doesn't support an array.
Now the goal is to pull out the details from that message field. With Grok parsers you can specify a specific attribute to parse further.
So in that same pipeline I've added another grok parser processor, right after our first.
And then configured the advanced options section to run on data.message, since that is what we called the attribute. helper grok parser
Result: helper grok parser result
