I have a same field multiple times in one request body and need to find the value for each occurrence. like subTypeCodeId filed. result should have subTypeCodeId = 2
subTypeCodeId = 3
{
"Items": [
{
"emailId": "#stny.com",
"item": {
"subTypeCodeId": "2"
}
},
{
"emailId": "#comcast.com",
"item": {
"subTypeCodeId": "3"
}
}
]
}
splunk query: index="gcp_prod_ecomm_cx_wallet" "1570081534220" "API_NAME:wallet.addItemsToWalletBulk" |rex "subTypeCodeId\x5C\":\x5C\"(?.*)\""
Use the max_match option of rex. It will make subTypeCodeId a multi-value field containing all values.
index="gcp_prod_ecomm_cx_wallet" "1570081534220" "API_NAME:wallet.addItemsToWalletBulk"
| rex max_match=0 "subTypeCodeId\x5C\":\x5C\"(?<subTypeCodeId>.*)\""
You also might want to look into the spath command, which can parse json data.
Related
I have the following column returned from ARG:
{
"a": {
"key1": [
"text1",
"text2"
]
}
"b": {
"key2": [
"text1",
"text2"
]
}
}
I'm trying to create another column which would contain a list of all the keys.
So in the example above, the new column would contain:
["key1, "key2"]
I also see that I don't have all the functionality to run in ARG so I'm not sure if what I'm trying to do is possilbe.
| mv-expand kind=array doc
| summarize make_list(bag_keys(doc[1]))
I have following json which I have flattened partially using explode
{
"result":[
{
"employee":[
{
"employeeType":{
"name":"[empName]",
"displayName":"theName"
},
"groupValue":"value1"
},
{
"employeeType":{
"name":"#bossName#",
"displayName":"theBoss"
},
"groupValue":[
{
"id":"1",
"type":{
"name":"firstBoss",
"displayName":"CEO"
},
"name":"Martha"
},
{
"id":"2",
"type":{
"name":"secondBoss",
"displayName":"cto"
},
"name":"Alex"
}
]
}
]
}
]
}
I need to get following fields:
employeeType.name
groupValue
I am able to extract those fields and value. But, if name value starts with # like in "name":"#bossName#", I am getting groupValue as string from which I need to extract id and name.
"groupValue":[
{
"id":"1",
"type":{
"name":"firstBoss",
"displayName":"CEO"
},
"name":"Martha"
},
{
"id":"2",
"type":{
"name":"secondBoss",
"displayName":"cto"
},
"name":"Alex"
}
]
How to convert this string to json and get the values.
My code so far:
from pyspark.sql.functions import *
db_flat = (df.select(explode("result.employee").alias("emp"))
.withColumn("emp_name", col(emp.employeeType.name))
.withColumn("emp_val",col("emp.groupValue")).drop("emp"))
How can I extract groupValue from db_flat and get id and name from it. Maybe use python panda library.
Since you see they won't be dynamic. You can traverse through the json while mapping like as below. Just identify record and array, specify index [i] as needed.
Example:
id --> $['employee'][1]['groupValue'][0]['id']
name --> $['employee'][1]['groupValue'][0]['type']['name']
I have payload from which I need to extract only list of creator_by__v fields as list of strings from payload OBJECTS where abbreviation__c=='CN'. The payload is below.
The payload is:
{
"data": [{
"created_by__v": 2447129,
"document_country__vr": {
"responseDetails": {
"limit": 250
},
"data": [{
"name__v": "China",
"abbreviation__c": "CN"
}]
},
"version_modified_date__v": "2020-11-30T06:33:41.000Z"
}
]
}
enter image description here
You can use filter to get only the entries you need and then map to extra the created_by__v values
(payload.data filter $.document_country__vr.data[0].abbreviation__c == "CN")
map $.created_by__v as String
MarkLogic Version: 9.0-6.2
I am trying to apply Xpath in extract-document-data (using Query Options) on a JSON document shown below. I need to filter out "Channel" property if the underneath property "OptIn" has a value of "True".
{
"Category":
{
"Name": "Severe Weather",
"Channels":[
{
"Channel":
{
"Name":"Email",
"OptIn": "True"
}
},
{
"Channel":
{
"Name":"Text",
"OptIn": "False"
}
}
]
}
}
I tried below code,
'<extract-document-data selected="include">' +
'<extract-path>//*[OptIn="True"]/../..</extract-path>' +
'</extract-document-data>' +
which is only pulling from "Channel" property as shown below.
[
{
"Channel": {
"Name": "Email",
"OptIn": "True"
}
}
]
But my need is to pull from parent "Category" property, but filter out the Channels that have OptIn value as False.
Any pointers?
If I understand correctly, you'd like to extract 'Category', but only with those 'Channel's that have 'OptIn' equalling 'true', right?
Extract-document-data is not advanced enough for that. You best extract entire Categories which have at least one OptIn equalling true (//Category[//OptIn = 'true']), and use a REST transform on the search response to trim down the unwanted Channels..
HTH!
I am replacing an existing REST endpoint with GraphQL.
In our existing REST endpoint, we return a JSON array.
[{
"id": "ABC"
},
{
"id": "123"
},
{
"id": "xyz"
},
{
"id": "789"
}
]
GraphQL seems to be wrapping the array in two additional object layers. Is there any way to remove the "data" and "Client" layers?
Response data:
{
"data": {
"Client": [
{
"id": "ABC"
},
{
"id": "123"
},
{
"id": "xyz"
},
{
"id": "789"
}
]
}
}
My query:
{
Client(accountId: "5417727750494381532d735a") {
id
}
}
No. That was the whole purpose of GraphQL. To have a single endoint and allow users to fetch different type/granularity of data by specifying the input in a query format as opposed to REST APIs and then map them onto the returned JSON output.
'data' acts as a parent/root level container for different entities that you have queried. Without these keys in the returned JSON data, there won't be any way to segregate the corresponding data. e.g.
Your above query can be modified to include another entity like Owner,
{
Client(accountId: "5417727750494381532d735a") {
id
}
Owner {
id
}
}
In which case, the output will be something like
{
"data": {
"Client": [
...
],
"Owner": [
...
]
}
}
Without the 'Client' and 'Owner' keys in the JSON outout, there is no way to separate the corresponding array values.
In your case, you can get only the array by doing data.Client on the returned output.