Skip to main content
Question

Cribl function for removing keys based off value

  • March 11, 2025
  • 2 replies
  • 48 views
R

As a part of a cribl log processing pipeline, I want to add a function to remove any JSON keys that have empty strings or empty objects.

I have a serialization function, such as this:

  - id: serde  filter: "true"  disabled: null  conf:  mode: reserialize  type: json  srcField: text  fieldFilterExpr: value !==""  fields: []  remove:  - .*

but I don't want to reserialize, as it converts a JSON object during my pipeline into a JSON string. Is there another built-in function I can use to achieve this?

Example input:

{"my-log": {}, "my-other-log": "", "my-third-log": false}

Expected output:

{"my-third-log": false}

    2 replies

    D
    • David Maislin
    • Employee
    • 228 replies
    • March 11, 2025

    Just use Parser with Extract instead of Reserialize and set the Destination to _raw and it will be an Object.

    Set the filter expression to value!=null && value

    D
    • dritan
    • Employee
    • 50 replies
    • March 11, 2025

    here’s a quick and dirty Code function. There is probably better ways but should get them going

    Object.keys(__e).forEach((k) => (__e[k] === '' || JSON.stringify(__e[k])==='{}') && delete __e[k])

    348_030fcc36d2944cecad0c8d3ba1b2946c.png


    Terms & ConditionsAccessibility statement