I imported the audit log files under /run/audit and tried to filter out rows using the filter recipe where the condition is: logger == dku.audit.generic and no sampling method, but the job failed and gave me an error which says
Can anyone help me on this?
Operating system used: Linux
Hi @hisyam,
This appears to be specific to JSON parsing. Please try changing the settings on your source dataset (Settings > Format / Preview) and change the Type from "JSON" to "One record per line". (Make sure to click RELOAD SCHEMA FROM DETECTED DATA if prompted to):
Create the filter recipe and add the filter dku.audit.generic.
Next create a Prepare Recipe of that dataset and first add a step to use the Unnest object Processor to flatten the JSON.
Please let me know if you have any questions.
Thanks!
Jordan
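The same steps outside DSS, as an added example that is not part of the thread or Dataiku's own code: read the audit file as one JSON record per line, keep rows whose logger is dku.audit.generic, flatten nested objects, and report lines that do not parse instead of failing the whole run. The sample lines are constructed, every field name other than logger is an assumption, and the function names are hypothetical.

```python
import json

# Constructed sample lines; only the "logger" key and the value
# "dku.audit.generic" come from the thread, every other field is assumed.
SAMPLE = "\n".join([
    '{"logger": "dku.audit.generic", "message": {"msgType": "login", "user": {"name": "alice"}}}',
    '{"logger": "dku.audit.other", "message": {"msgType": "noop"}}',
    '{"logger": "dku.audit.generic", "message": {"msgType": "trunc',  # truncated write
    '',
    '{"logger": "dku.audit.generic", "message": "plain text"}',
])

def flatten(obj, prefix=""):
    """Flatten nested dicts into one level with dotted keys."""
    flat = {}
    for key, value in obj.items():
        name = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, name + "."))
        else:
            flat[name] = value
    return flat

def filter_audit_lines(text, logger="dku.audit.generic"):
    """Parse one JSON record per line, keep rows for `logger`, flatten them.
    Returns (rows, rejected) where rejected lists (line_number, reason)."""
    rows, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # blank lines carry no record
        try:
            record = json.loads(line)
        except json.JSONDecodeError as exc:
            rejected.append((lineno, exc.msg))  # keep going, but record the gap
            continue
        if not isinstance(record, dict):
            rejected.append((lineno, "not a JSON object"))
            continue
        if record.get("logger") == logger:
            rows.append(flatten(record))
    return rows, rejected

if __name__ == "__main__":
    rows, rejected = filter_audit_lines(SAMPLE)
    for row in rows:
        print(row)
    print("rejected:", rejected)
```

Keeping the rejected line numbers matters for audit data: a silently dropped record is a gap in the trail.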
Thank you, Jordan!
Well, the only question I have is why did the filter recipe fail? The JSON parsing worked fine to produce the dataset. And I'm only checking for matching rows in the logger column, which is a string type. Which, intuitively, should have worked.
Hi @hisyam,