I am new to datadog. I would like to parse a json using grok parser. The value is
[{"status": "Failed", "count": 2192}, {"status": "Succeeded", "count": 4893}]
I am using following grok:
rule %{data::keyvalue(": ")}
It gives me: {
"count": [
2192,
4893
],
"status": [
"Failed",
"Succeeded"
]
}
I want the following output:
{
status:"Succeeded",
count:"4893"
}
{
status:"Failed",
count:"2192"
}
Any help will be highly appreciated
Related
Parsed Message
{
"date": "2022-02-04",
"customerID": 123,
"customerInfo": {
"id": 123,
"lastname": "Smith",
"firstname": "David",
"email": "testing#email.com",
},
"currency": "EUR"
}
I would like to remove the customerInfo section so the JSON looks like.
{
"date": "2022-02-04",
"customerID": 123,
"currency": "EUR"
}
How would one do this in the LogicApp. I tried remove property but could not get that working. Any suggestions would be appreciated.
I have reproduced in my environment and removed customer info using remove property as below :
Firstly, I have initialized a variable as below:
Then I used compose operation as below:
In compose input: removeProperty(variables('emo'),'customerInfo')
Then i have set the variable with output of compose as below:
Output:
Try to follow above process you will get to remove customerInfo as mine got.
You just initialize new variable from that one and populate it
"Initialize_variable": {
"type": "InitializeVariable",
"inputs": {
"variables": [ {
"name": "sensitisedMessage",
"type": "Object",
"value": { "date": #message['date'], "customerID": #message['customerID'], "currency": "#message['currency']" }
} ]
},
"runAfter": {}
}
I have not checked the format of the json in an actual logic app, but you get the idea
I am trying to read JSON file stored in Azure Blob container and use the output in setting a variable but I am getting some addition data apart from main data.
My JSON input is
{
"resourceType": "cust",
"gender": "U",
"birthdate": "1890-07-31",
"identifier": [
{
"system": "https://test.com",
"value": "test"
}
],
"name": [
{
"use": "official",
"family": "Test",
"given": [
"test"
],
"prefix": [
"Mr"
]
}
],
"telecom": [
{
"system": "phone",
"value": "00000",
"use": "home"
}
]
}
The output of lookup activity is:
{
"count": 1,
"value": [
{
"JSON_F52E2B61-18A1-11d1-B105": "[{\"resourceType\":\"cust\",\"identifier\":[{\test.com",\"value\":\"test\"}],\"name\":[{\"use\":\"official\",\"family\":\"Test\",\"given\":\"[ Test ]\",\"prefix\":\"[ ]\"}],\"telecom\":[{\"system\":\"phone\",\"value\":\"00000\",\"use\":\"home\"}],\"gender\":\"unknown\",\"birthDate\":\"1890-07-12T00:00:00\"}]"
}
]
}
Now I don't understand why
in value JSON_F52E2B61-18A1-11d1-B105 is present?
so many \ are there, while it is not present in actual JSON?
I am trying to get data using elastic search in a python program. Currently I am getting the following data from an elastic search request. I wish to sort the data on rank:type. For example i want to sort data by raw_freq or maybe by score.
What should the query look like?
I believe it will be something using nested query. Help would be very much appreciated.
{
"data": [
{
"customer_id": 108,
"id": "Qrkz-2QBigkG_fmtME8z",
"rank": [
{
"type": "raw_freq",
"value": 2
},
{
"type": "score",
"value": 3
},
{
"type": "pmiii",
"value": 1.584962
}
],
"status": "pending",
"value": "testingFreq2"
},
],
}
Here is a simple example of how you can sort your data:
"query": {
"term": {"status": "pending"}
},
"sort": [
{"rank.type.keyword": {"order" : "desc"}}
]
I am trying to index data that look like the following :
var json = {
"kwg": {
"kwg0List": [
{
"lemma": "bilingue",
"categories": [
"terme"
],
"occList": [
{
"startTimeSec": 537.1,
"endTimeSec": 537.46,
"value": "bilingue"
},
{
"startTimeSec": 563.2,
"endTimeSec": 563.55,
"value": "bilingue"
}
]
}
]
}
}
Everything works fine. Now, let's say, for whatever reason, that the one of the startTimeSec fields is equal to 10. It's interpreted as a long and not as a double anymore.
I would get the following error : mapper_parsing_exception, telling me that I should have a double and not a long.
Now my question is : is there a way to "force" the long to be cast to a double when indexing, or is previously checking that the data is correctly formatted the only way of doing it?
Trace :
{
"took": 1112,
"errors": true,
"items": [
{
"create": {
"_index": "library",
"_type": "relevance",
"_id": "AViRhRJ-_Tb2laJ1W4JH",
"status": 400,
"error": {
"type": "mapper_parsing_exception",
"reason": "failed to parse",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "mapper [kwg.kwg0List.occList.endTimeSec] of different type, current_type [double], merged_type [long]"
}
}
}
}
]
}
Cloudant is returning error message:
{"error":"invalid_key","reason":"Invalid key use-index for this request."}
whenever I try to query against an index with the combination operator, "$or".
A sample of what my documents look like is:
{
"_id": "28f240f1bcc2fbd9e1e5174af6905349",
"_rev": "1-fb9a9150acbecd105f1616aff88c26a8",
"type": "Feature",
"properties": {
"PageName": "A8",
"PageNumber": 1,
"Lat": 43.051523,
"Long": -71.498852
},
"geometry": {
"type": "Polygon",
"coordinates": [
[
[
-71.49978935969642,
43.0508382914137
],
[
-71.49978564033566,
43.052210148524
],
[
-71.49791499857444,
43.05220740550381
],
[
-71.49791875962663,
43.05083554852429
],
[
-71.49978935969642,
43.0508382914137
]
]
]
}
}
The index that I created is for field "properties.PageName", which works fine when I'm just querying for one document, but as soon as I try for multiple ones, I would receive the error response as quoted in the beginning.
If it helps any, here is the call:
POST https://xyz.cloudant.com/db/_find
request body:
{
"selector": {
"$or": [
{ "properties.PageName": "A8" },
{ "properties.PageName": "M30" },
{ "properties.PageName": "AH30" }
]
},
"use-index": "pagename-index"
}
In order to perform an $or query you need to create a text (full text) index, rather than a json index. For example, I just created the following index:
{
"index": {
"fields": [
{"name": "properties.PageName", "type": "string"}
]
},
"type": "text"
}
I was then be able to perform the following query:
{
"selector": {
"$or": [
{ "properties.PageName": "A8" },
{ "properties.PageName": "M30" },
{ "properties.PageName": "AH30" }
]
}
}