Knox Lively gonzolively
gonzolively
/ example4.txt
Created
November 21, 2022 21:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Parse the key=value items into an object containing k/v pairs | |
| make_col kv:parse_kvs(log) | |
| // Convert a string version of that object to JSON | |
| make_col json:parse_json(string(kv.json_field)) | |
| // Now get the value you want | |
| make_col thing_i_wanted:json.thing_i_wanted |
gonzolively
/ example3.txt
Last active
November 21, 2022 23:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // stringThing contains some JSON inside a larger non-JSON string | |
| // extract_regex() capture group extracts the JSON into a new column, "myJSONstring" | |
| extract_regex stringThing, /(?P<myJSONstring>{.*})/ | |
| // Parse the string containing the extracted JSON | |
| make_col myJSON:parse_json(myJSONstring) | |
| // Access the desired values with dot notation | |
| make_col name:myJSON.name | |
| make_col address:myJSON.”Mailing Address” |
gonzolively
/ example2.txt
Created
November 21, 2022 21:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| make_col metric:"temperature_c" | |
| make_col value:float64(FIELDS.main.temp) | |
| interface "metric" |
gonzolively
/ example1.txt
Created
November 21, 2022 21:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // FIELDS is type 'object' | |
| make_col Country:FIELDS.sys.country | |
| make_col City:FIELDS.name | |
| make_col Temp:float64(FIELDS.main.temp) |
gonzolively
/ example5.txt
Created
August 29, 2022 18:50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // That thing is in here somewhere! | |
| coalesce(obj['value'], | |
| obj['inner']['value'], | |
| obj['maybe_in_here']['value'], | |
| obj['gotta_be_this_one']['value'], | |
| "Default Value") |
gonzolively
/ example4.txt
Created
August 29, 2022 18:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // log contains several key/value pairs | |
| // The Monitor ID we want might be either monitor or monitorId | |
| make_col kv:parse_kvs(log) | |
| make_col monitorId:coalesce(kv.monitor, kv.monitorId) |
gonzolively
/ example3.txt
Created
August 29, 2022 18:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Use a localized color name if possible | |
| make_col color:case( language="en-US", "green", | |
| language="fr-FR", "vert", | |
| language="it-IT", "verde", | |
| true, "green" ) |
gonzolively
/ Example2.txt
Created
August 29, 2022 18:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Replace null values in existing field "description" | |
| make_col description:if_null(description, "No description available") |
gonzolively
/ example1.txt
Created
August 29, 2022 18:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // temp could be either F or C | |
| filter temp > if(country = "US", 86, 30) |
gonzolively
/ examle6.txt
Created
July 15, 2022 21:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // New column for build log path (not strictly required, but useful) | |
| make_col path:string(event.path) | |
| // Extract the job name as jobName and build ID as buildId from the path field | |
| extract_regex path, /\/var\/lib\/jenkins\/jobs\/(?P<jobName>[^\/]+)\/builds\/(?P<buildId>\d+)\/log/ | |
| // Filter to eliminate null job names | |
| filter not is_null(jobName) |
NewerOlder