Hi,
We have some logs encoded as json strings like the following example
(printed in multiple lines for better readability):
{
  "__REALTIME_TIMESTAMP": "1464791726836654",
  "_TRANSPORT": "journal",
  "_PID": "18509",
  "_UID": "0",
  "_GID": "0",
  "_COMM": "docker",
  "_EXE": "/usr/bin/docker",
  "CONTAINER": { "ID": "17fb289f439b", "NAME": "test" }
}
Such logs can be decoded using a perlfunc pattern:
type=Single
ptype=PerlFunc
desc=read
pattern=sub { JSON::decode_json($_[0]) }
action=logonly $+{_EXE} $+{_PID}
Is there a way to access the nested fields (container id and
container name in this case)?
Regards,
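One way to reach the nested fields, as an added example that is not part of the original message or of SEC itself: flatten the decoded hash so that every leaf gets a top-level key, which a PerlFunc pattern can then return in place of the raw `decode_json` result. The helper names `flatten_json` and `parse_line`, the `_` separator, and the truncated second input line are assumptions made for this sketch; it runs as a stand-alone Perl script.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use JSON::PP qw(decode_json);   # core module; the rule above calls JSON::decode_json

# Hypothetical helper (not part of SEC or the JSON modules): walk the decoded
# structure and join nested keys with "_", so CONTAINER -> ID becomes
# CONTAINER_ID. Array elements are keyed by their index.
sub flatten_json {
    my ($node, $prefix, $out) = @_;
    $out //= {};
    if (ref($node) eq 'HASH') {
        for my $key (sort keys %$node) {
            (my $name = $key) =~ s/[^A-Za-z0-9_]/_/g;   # keep names to [A-Za-z0-9_]
            flatten_json($node->{$key},
                         defined $prefix ? "${prefix}_$name" : $name, $out);
        }
    } elsif (ref($node) eq 'ARRAY') {
        flatten_json($node->[$_], defined $prefix ? "${prefix}_$_" : $_, $out)
            for 0 .. $#$node;
    } elsif (defined $prefix) {
        # Leaf: store as a plain string (JSON null becomes the empty string).
        $out->{$prefix} = defined $node ? "$node" : '';
    }
    return $out;
}

# Hypothetical wrapper: returns a flat hash reference, or nothing when the
# line is not a JSON object, so malformed input is a non-match, not a die.
sub parse_line {
    my ($line) = @_;
    my $data = eval { decode_json($line) };
    return unless ref($data) eq 'HASH';
    return flatten_json($data);
}

my @lines = (
    # The record from the message above, on one line.
    '{ "__REALTIME_TIMESTAMP": "1464791726836654", "_TRANSPORT": "journal", '
  . '"_PID": "18509", "_UID": "0", "_GID": "0", "_COMM": "docker", '
  . '"_EXE": "/usr/bin/docker", "CONTAINER": { "ID": "17fb289f439b", "NAME": "test" } }',
    # Constructed input: a truncated record that fails to decode.
    '{ "_EXE": "/usr/bin/docker", "CONTAINER": ',
);

for my $line (@lines) {
    my $f = parse_line($line);
    if (!$f) { print "no match (not a JSON object)\n"; next; }
    print "$f->{_EXE} $f->{_PID} $f->{CONTAINER_ID} $f->{CONTAINER_NAME}\n";
}
```

Assuming the two helpers are made available to the rule's Perl code, the pattern would become `sub { parse_line($_[0]) }` and the action could reference `$+{CONTAINER_ID}` and `$+{CONTAINER_NAME}`. Two source keys that flatten to the same name (for example a top-level `CONTAINER_ID` next to `CONTAINER` → `ID`) would overwrite each other, so pick a separator that does not occur in the log's own key names.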