I have indexed a JSON file and want to remove a field which has a 'null' value (event 1), but if the same field has a correct value in the next event (2), it should consider that field and extract the result. Please advise.
Logs as below:
**Event1:**
{
policy: null
protocol: null
reason: null
severity: low
sid: xxx
source_port: null
src: xx.xx.xx.xx
success: null
terminal_source: xx.xx.xx.xx
}
**Event2:**
{
policy: Normal
protocol: 4
reason: null
severity: low
sid: xxx
source_port: 234
src: xx.xx.xx.xx
success: null
terminal_source: xx.xx.xx.xx
}