Feature #1748
Add parsing of JSON fields
0%
Description
Might want to add the option to dump JSON output into a set of fields.
This would be useful for doing things like dumping pypi package information (e.g. https://pypi.python.org/pypi/pyrad/json).
Related issues
History
#1
Updated by Luke Murphey almost 8 years ago
Updated by Another option would be outputting the output as raw JSON. I'm not actually sure this is possible though because I need to include some things like the index and sourcetype.
I might be able to use the event_writer to make stash files to do this.
#3
Updated by Luke Murphey over 7 years ago
- Related to Feature #1168: Output raw data added
#4
Updated by Luke Murphey over 7 years ago
I want to see if I can just dump the JSON directly.
StashNewWriter::event_to_string() Assumes that the data is a list of fields. I strip the sourcetype using the transform "sinkhole_web_input_header". The index and source come from the stash line name so these should be good already.
#5
Updated by Luke Murphey over 7 years ago
To do this:
- Add the option to the modular input page
- Add the option to the wizard page
- Make the search command use the option
- Make sure the preview window uses the option too
- Add the option to the search BNF
- Add the option to inputs.conf.spec
- Add test cases
#6
Updated by Luke Murphey over 7 years ago
If I output raw data, then I don't need to selector page at all.
#7
Updated by Luke Murphey over 7 years ago
- Target version deleted (
4.1)
#8
Updated by Luke Murphey over 7 years ago
- Priority changed from Normal to Low