I am indexing JSON data. I need to be able to do stats based "by patches" and "by admin". I can't get spath or mvexpand to extract the nested arrays properly. Can anyone help me to figure this out?
My props.conf looks like this:
[ my_json ]
INDEXED_EXTRACTIONS = json
KV_MODE=none
MAX_TIMESTAMP_LOOKAHEAD=30
NO_BINARY_CHECK=true
TIMESTAMP_FIELDS=upTime
TIME_FORMAT=%Y-%m-%d %H:%M:%S
The data is similar to this:
{
upTime: "2015-02-08 16:43:23",
"type": "thetype",
"id": "123454829",
"systems": [
{
hostname: "host1",
admins: [ "jdoe","lcod", "pamtie"],
os: "linux",
patches: ["1.2", "2.3", "4.3", "5.4"]
},
{
hostname: "host2",
admins: [ "barry", "patty"],
os: "linux",
patches: ["2.3", "5.4"]
}
]
}
↧