Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decoding nested JSON objects #3

Open
luckyb56 opened this issue May 11, 2016 · 4 comments
Open

Decoding nested JSON objects #3

luckyb56 opened this issue May 11, 2016 · 4 comments
Labels
feature in progress triaged

Comments

@luckyb56
Copy link

When using Packetbeat to send messages directly to Graylog2, the nested JSON objects won't be decoded and would be seen as '[object Object],[object Object]' under search UI. Example input JSON message:

{
  "_index" : "graylog_5",
  "_type" : "message",
  "_id" : "572b9193-16df-11e6-8a3b-000c2942c251",
  "_version" : 1,
  "found" : true,
  "_source" : {
    "packetbeat_bytes_in" : 32,
    "packetbeat_method" : "QUERY",
    "packetbeat_type" : "dns",
    "packetbeat_responsetime" : 140,
    "packetbeat_query" : "class IN, type A, conn.skype.com",
    "gl2_remote_ip" : "172.16.220.1",
    "packetbeat_dns_question_name" : "conn.skype.com",
    "gl2_remote_port" : 65532,
    "packetbeat_dns_additionals_count" : 0,
    "packetbeat_dns_answers_count" : 2,
    "source" : "abs-MacBook-Pro.local",
    "type" : "dns",
    "gl2_source_input" : "572a39d0cdf3830902a406df",
    "packetbeat_dns_response_code" : "NOERROR",
    "packetbeat_direction" : "out",
    "packetbeat_client_ip" : "192.168.0.3",
    "packetbeat_dns_flags_recursion_allowed" : true,
    "packetbeat_dns_flags_truncated_response" : false,
    "packetbeat_dns_question_class" : "IN",
    "gl2_source_node" : "b6d4add1-2cfc-4fd1-b18d-0ad0478e00a8",
    "packetbeat_dns_flags_authoritative" : false,
    "packetbeat_status" : "OK",
    "packetbeat_client_port" : 60426,
    "timestamp" : "2016-05-10 18:45:16.558",
    "packetbeat_ip" : "192.168.0.1",
    "packetbeat_dns_op_code" : "QUERY",
    "packetbeat_bytes_out" : 83,
    "packetbeat_dns_flags_recursion_desired" : true,
    "packetbeat_transport" : "udp",
    "packetbeat_dns_authorities_count" : 0,
    "packetbeat_resource" : "conn.skype.com",
    "streams" : [ "572ae5c9cdf3830902a4bb7f" ],
    "packetbeat_dns_answers" : [ {
      "class" : "IN",
      "data" : "conn.skype.akadns.net",
      "name" : "conn.skype.com",
      "ttl" : 464,
      "type" : "CNAME"
    }, {
      "class" : "IN",
      "data" : "91.190.216.81",
      "name" : "conn.skype.akadns.net",
      "ttl" : 300,
      "type" : "A"
    } ],
    "message" : "-",
    "packetbeat_dns_question_type" : "A",
    "packetbeat_count" : 1,
    "name" : "MacBook-Pro.local",
    "packetbeat_dns_id" : 62527,
    "facility" : "packetbeat",
    "packetbeat_port" : 53
  }
}

packetbeat_dns_answers structure won't be decoded in this example.
@pramodanarase
Copy link

@luckyb56 what you want ? decode in single message or multiple message?
if decode into multiple message on nested field(in your case packetbeat_dns_answers) i think we need to implement feature like logstash split filter using "MultiMessageCodec".

@luckyb56
Copy link
Author

@pramodanarase A single message would be great as it will keep the context and do basic level of stats.

@rompic
Copy link
Contributor

rompic commented Nov 19, 2016

+1

@joschi joschi mentioned this issue Nov 21, 2016
Closed
@edmundoa edmundoa mentioned this issue Nov 21, 2016
Merged
@edmundoa edmundoa self-assigned this Nov 21, 2016
joschi pushed a commit to Graylog2/graylog2-server that referenced this issue Nov 21, 2016
@edmundoa @joschi
Fix problems rendering object fields (#3106)
e227664 
Some messages may contain objects as field values, and we need to
properly convert them into strings that can be rendered by react.

This commit changes the way we convert values into strings, relying on
`JSON.stringify()` to do it.

Refs Graylog2/graylog-plugin-beats#3
@kroepke
Copy link
Member

kroepke commented Feb 15, 2018

This has been partially addressed in Graylog2/graylog2-server#3106 and #29

@joschi joschi mentioned this issue Mar 19, 2018
Closed
@edmundoa edmundoa removed their assignment Jun 15, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature in progress triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@kroepke @jalogisch @edmundoa @rompic @luckyb56 @pramodanarase