1. Documentation
  2. Parsing Log Files
  3. Log Parsers
  4. JSON Parser

JSON Parser

LogViewPlus has a built in JSON parser which is capable of analyzing your JSON log files.  It does this by parsing your JSON file according to a template.  A template is a sample JSON log entry that has certain fields identified with Conversion Specifiers.

Let's look at a simple JSON example: 

{
   "firstName":"John",
   "lastName":"Doe",
   "employeeId":"12345",
   "other":"ignore me",
   "dateJoined":"2014-05-16 10:50:14,125"
}

This is a JSON log entry with five fields: firstName, lastName, employeedId, other, and dateJoined.  What we need to do is replace the field data with a Conversion Specifier that identifies the field data type.  This might give us the following mapping.

JSON Field
Conversion Specifier
LogViewPlus Column
firstName
%S{First Name}
First Name
lastName
%S{Last Name}
Last Name
employeeId
%s{Employee Id}
Employee Id
other
 
We want to ignore this field.
dateJoined
%d
Date and Time

Therefore, we could parse this JSON log entry with the template: 

{
   "firstName":"%S{First Name}",
   "lastName":"%S{Last Name}",
   "employeeId":"%s{Employee Id}",
   "dateJoined":"%d"
}

Notice that in the above template the "other" field has been ignored. To ignore a field we simply do not include it in our template.  If one of the elements we were interested in had been a child of a parent node, we would have needed to include the parent node in our template. The important thing is that the template has the full path to the target node.

Once we load this template into LogViewPlus it will appear as:

To do this, we just need to give LogViewPlus our parsing template as an argument for the JSON parser.  We can do this in Parser Mappings:

White space will be ignored, so we are free to format the JSON as needed.

Log files parsed with the JSON parser support automatic pretty-printing.

Finally, notice the similarities between the JSON Parser and the XML Parser discussed in the next section.  Both use the concept of templates, so once you have learned one you have basically learned the other.

Parsing Embedded JSON

LogViewPlus v2.5.56 and greater can parse JSON log entries are embedded within a parent object.  For example, consider the JSON log file: 

{
   logid: "App Log 1",
   entries: [
      {
         "firstName":"John",
         "lastName":"Doe",
         "employeeId":"12345",
         "other":"ignore me",
         "dateJoined":"2014-05-16 10:50:14,125"
      },
      {  ...  }
   ]
}

Our conversion pattern for this log file will largely look the same as before with one crucial difference.  We must specify the outer element which will act to identify the resulting log entries.  The outer element must be an object.

In the example above, the outer element is "entries".  Using this, we can define our conversion pattern as: 

{
   entries: [
      {
         "firstName":"%S{First Name}",
         "lastName":"%S{Last Name}",
         "employeeId":"%S{Employee Id}",
         "dateJoined":"%d"
      }
   ]
}

If the outer object containing our log entries was a child of another object, it would not be necessary define the additional outer object.  LogViewPlus will always traverse an object hierarchy automatically.  Log entry identifiers only need to exist at the log entry root.

Compact Log Event Format (CLEF)

LogViewPlus is a great tool for viewing CLEF log entries, for example messages created by Serilog.   CLEF stands for Compact Log Event Format and it is a method of producing log entries where the log message data is extracted and stored as separate fields withing the log entry.  This helps ensure the log entries are machine readable.

You can view CLEF log messages in LogViewPlus by adding a parser hint when processing the JSON message.  For example, consider the following CLEF log entry: 

{
   "@t": "2020-04-25T04:03:29.3546056Z",
   "@mt": "Connection id '{Id}' accepted.",
   "Properties":
   {
      "Id": "0HMA0H"
   }
}

This log entry can be parsed using the JSON parser and the pattern: 

{ "@t": "%d", "@mt": "%m{-parserhint:CLEF}" }

Notice that the pattern configuration contains a parser hint which is including using the special parameter -parserhint:CLEF.  This instruction tells the parser that the log entry message may be formatted to include data from within the JSON message.  The included data may be found either at the root level or (more commonly) within a 'Properties' child element.

Parsing our sample log entry using the CLEF parser hint will produce a log entry message that is easier to read.  In our example, this message would be: 

Connection id '0HMA0H' accepted.

Notice how the connection ID has been extracted from the property data and inserted into the log entry message.

< >

Chapters

Topics

Pages