The json_parser operator parses the string-type field selected by parse_from as JSON.
| Field | Default | Description |
|---|---|---|
id |
json_parser |
A unique identifier for the operator |
output |
Next in pipeline | The connected operator(s) that will receive all outbound entries |
parse_from |
$ | A field that indicates the field to be parsed as JSON |
parse_to |
$ | A field that indicates the field to be parsed as JSON |
preserve |
false | Preserve the unparsed value on the record |
on_error |
send |
The behavior of the operator if it encounters an error. See on_error |
timestamp |
nil |
An optional timestamp block which will parse a timestamp field before passing the entry to the output operator |
severity |
nil |
An optional severity block which will parse a severity field before passing the entry to the output operator |
Configuration:
- type: json_parser
parse_from: message| Input record | Output record |
{
"timestamp": "",
"record": {
"message": "{\"key\": \"val\"}"
}
} |
{
"timestamp": "",
"record": {
"key": "val"
}
} |
Configuration:
- type: json_parser
parse_from: message.embedded
parse_to: parsed
preserve: true| Input record | Output record |
{
"timestamp": "",
"record": {
"message": {
"embedded": "{\"key\": \"val\"}"
}
}
} |
{
"timestamp": "",
"record": {
"message": {
"embedded": "{\"key\": \"val\"}"
},
"parsed": {
"key": "val"
}
}
} |
Configuration:
- type: json_parser
parse_from: message
timestamp:
parse_from: seconds_since_epoch
layout_type: epoch
layout: s| Input record | Output record |
{
"timestamp": "",
"record": {
"message": "{\"key\": \"val\", \"seconds_since_epoch\": 1136214245}"
}
} |
{
"timestamp": "2006-01-02T15:04:05-07:00",
"record": {
"key": "val"
}
} |