Regex 使用spath解析json_Regex_Splunk_Splunk Calculation_Splunk Formula

Regex 使用spath解析json

regex

Regex 使用spath解析json,regex,splunk,splunk-calculation,splunk-formula,Regex,Splunk,Splunk Calculation,Splunk Formula,我有一个json日志，如下所示 { action: Get, applicationName: abc, controller: Main, ip: 123.123.123.123, logLevel: INFO, loggerType: abcdef, machineName: windows, message: {"Value":{"Data":{"Items":[{"FieldType":"abc","Value":""},{"FieldType":"abcd","Value"

我有一个json日志，如下所示

{
action: Get, 
applicationName: abc,
controller: Main, 
ip: 123.123.123.123, 
logLevel: INFO, 
loggerType: abcdef, 
machineName: windows, 
message: {"Value":{"Data":{"Items":[{"FieldType":"abc","Value":""},{"FieldType":"abcd","Value":""},{"FieldType":"123","Value":""}],"EncryptedDocKey":"123456","Domain":"Order","Partner":"India","Carrier":"Idea"},"RequestTrackerId":"7894561230","Message":"OK"},"Formatters":[],"ContentTypes":[],"DeclaredType":null,"StatusCode":null} 
principalId: 22222222-2222-2222-2222-222222222222 
requestMethod: POST 
requestUrl: https://abc123.com/api/v1/get 
responseData: {"Value":{"Data":{"Items":[{"FieldType":"abc","Value":""},{"FieldType":"123","Value":""},{"FieldType":"xyz","Value":""}],"EncryptedDocKey":"123456789","Domain":"Order","Partner":"india","Carrier":"idea"},"RequestTrackerId":"7894561230","Message":"OK"},"Formatters":[],"ContentTypes":[],"DeclaredType":null,"StatusCode":null} 
time: 2019-07-10 18:35:23.3893, 
traceId: 12345678963525, 
userName: abc/12345 
}

所有字段都已正确索引。我希望在message元素中提取json数据。我想使用spath将FieldType、EncryptedDocKey、Domain、Partner、Carrier、RequestTrackerId提取到它自己的字段中

我们也欢迎任何其他备选方案。谢谢你的帮助

尝试了regex，但没有成功

欢迎使用堆栈溢出。很难说问题出在哪里，因为粘贴到验证器中的内容不是有效的json。这正是日志中的内容吗？@Praveen您能以代码格式共享您的JSON数据吗？请查看| eval中的spath。欢迎来到堆栈溢出。很难说问题出在哪里，因为粘贴到验证器中的内容不是有效的json。这正是日志中的内容吗？@Praveen您能以代码格式共享您的JSON数据吗？请查看| eval中的spath。