JSON Parser
The JavaScript Object Notation (JSON) Parser reads JSON data and extracts key values from the fields with valid JSON field values of normalized logs. A string filter is applied to the provided field, which defines a path for extracting values from it. The filter contains a key, which can be alphanumeric and special characters except square brackets ([]), backtick (`) and tilde (~). These exceptional characters are reserved for essential use cases, such as mapping the list and selecting a condition in JSON Parser.
The supported filter formats for JSON Parser are:
- Chaining for nested JSON
- Array access Example: .[1]
JSON Parser supports map and select functions for applying filters with true conditional statements. The supported conditional operators are: =, !=, >, < , >= and <=.
Enhancements
| Description | Issue ID | Reference ID |
|---|---|---|
| JSON Parser now supports negative indexes, enabling the return of the last element of a data set. Go to JSON Parser to learn more. |
KB-24349 |
- |
|
JSON Parser converts a non-JSON value to a list with a single item when dot (.) filter is applied. Go to JSON Parser to view a use case on a non-JSON value. |
KB-23968 | - |
Deprecated Command
JQ Parser is no longer supported. Its functions are migrated to the JSON Parser command.
Installation
To install JSON Parser:
- Download the .pak file from the Download link above.
- Go to Settings >> System Settings from the navigation bar and click Applications.
- Click Import.
- Browse to the downloaded .pak file.
- Click Upload.
Past Releases
JSON Parser v5.0.2
Release Date: September 28, 2023
Supported On: Logpoint v6.7.0 and later
Download: jsonparser_5.0.2.pak
SHA256: 645060b76129ae9ebc821bd08b417e858d82e006a3ca8a15b2f7d97570a2c3f4
Usage Information
Example: | process json_parser (evidence, ".@data\.type") as analytics
In filter, the backslash (\) escaped the period (.) before type and this query applies the filter to the evidence field and extracts the key value to the data_type field.
General syntax to use map and select functions:
| process json_parser(field name, ".[condition]") as field name
Example: | process json_parser (detail, ".[.severity > 50") as listWithSeverityGreaterThan50
In the .[.severity>50] filter, a conditional statement severity>50 is used and this query applies the filter to the detail field and extracts the list of key values with the true condition to the listWithSeverityGreaterThan50 field.
JSON Parser v5.0.0
Release Date: March 13, 2023
Supported On: Logpoint v6.7.0 and later
Download: jsonparser_5.0.0.pak
SHA256: 4934645f4817f31e7e86df509d9212f5f6fb99d0ff38276c9ba7ba9a504ed183
Usage Information
Syntax:
| process json_parser (field name, "filter") as field name
Example: | process json_parser (msg, ".AzureLogAnalytics") as analytics
This query applies the AzureLogAnalytics filter to the msg field and extracts the key values to the analytics field.
Support
If you have any questions or require assistance, create a support ticket.
Comments
Article is closed for comments.