Generating events from a nested JSON
Some event sources send events as a nested JSON in a JSON message. The parser can be configured to extract and parse the nested JSON.
Given the following data which contains a nested JSON
in one of its objects, payload
, the parser needs
to be configured using both the MessagePayload property
and the JsonNestedPayload property. Example parser
configuration and the tokens generated are shown in the table that
follows.
{
"payload" :"{\"properties\": {\"storage\": {\"type\": \"object\",\"oneOf\": [
{\"$ref\": \"#\/definitions\/diskDevice\"}, {\"$ref\":
\"#\/definitions\/diskUUID\"},{\"$ref\": \"#\/definitions\/nfs\"},{\"$ref\":
\"#\/definitions\/tmpfs\"}]},\"fstype\":{\"enum\":[\"ext3\",\"ext4\",\"btrfs\"]},
\"options\":{\"type\":\"array\",\"minItems\":\"1\",\"items\": {\"type\":
\"string\"},\"uniqueItems\": \"true\"}}}",
"header": {"options" : "none"},
"log":{"message":"Alert"}
}
Json parser properties | Tokens generated |
---|---|
|
|
|
|
|
|
|
Note: The
fstype object is not
under the ‘storage’ object but is also parsed because
it is specified as the Header object. |
|
|
Note: The
resync_event
token is not
part of the Json message but is generated by the probe for internal
use.