Skip to main content

As a part of a cribl log processing pipeline, I want to add a function to remove any JSON keys that have empty strings or empty objects.

I have a serialization function, such as this:

  - id: serde  filter: "true"  disabled: null  conf:  mode: reserialize  type: json  srcField: text  fieldFilterExpr: value !==""  fields: []  remove:  - .*

but I don't want to reserialize, as it converts a JSON object during my pipeline into a JSON string. Is there another built-in function I can use to achieve this?

Example input:

{"my-log": {}, "my-other-log": "", "my-third-log": false}

Expected output:

{"my-third-log": false}

Just use Parser with Extract instead of Reserialize and set the Destination to _raw and it will be an Object.

Set the filter expression to value!=null && value

here’s a quick and dirty Code function. There is probably better ways but should get them going

Object.keys(__e).forEach((k) => (__e_k] === '' || JSON.stringify(__e_k])==='{}') && delete __e_k])

348_030fcc36d2944cecad0c8d3ba1b2946c.png

Reply


Terms & ConditionsCookie settings