If you don't use this option, json auto will also extract all other JSON fields in the message. Use the refonly option to extract only the referenced keys. The keys are not case sensitive with the auto option. The keys can be renamed (aliased) using as. To have it operate on a different field, use the field option. By default, json auto will attempt to extract JSON fields from the entire raw log message.
Not familiar with JSONPath syntax? Try our UI generator that can create the parse expression for a specific JSON key for you. See Format JSON messages in search results.īecause JSON supports both nested keys and arrays that contain ordered sequences of values, the Sumo Logic JSON operator allows you to extract:
If the messages in your search results can be formatted as JSON, the Messages tab presents the option to display each message in JSON or raw format. See the supported JSONPath syntax elements below. The JSON operator allows you to extract values from JSON logs with most JSONPath expressions.