I have the following JSON document:
{
"pbid": 123,
"pid": 0,
"time": 1483551745000,
"timestamp": "2017-01-04 17:42:25",
"creationTime": 1483551789000,
"creationTimestamp": "2017-01-04 17:43:09",
"name": "myname",
"triggeredComponents": [
{
"device": {
"did": 20,
"ip": "127.0.0.1",
"firstSeen": 1427474095000,
"lastSeen": 1483545006000,
"typename": "dnsserver"
},
"time": 1483551789000
}
]
}
Using Jolt I need to transform this into the following:
{
"event_id" : 123, ( pbid )
"name" : "myname", ( name )
"did": "20", ( triggeredComponents[0].device.did )
"first_seen": 1427474095000, ( triggeredComponents[0].device.firstSeen )
"last_seen": 1483545006000 ( triggeredComponents[0].device.lastSeen )
}
I'm fine with the basic shifts (event_id
and name
) but I can't figure out how to extract from the array. This is my current attempt (I've tried a few other ways, too):
[
{
"operation": "shift",
"spec": {
"pbid": "event_id",
"name": "name",
"triggeredComponents" : {
"*": {
"did": "triggeredComponents[&1].device.did",
"first_seen": "triggeredComponents[&1].device.firstSeen",
"last_seen": "triggeredComponents[&1].device.lastSeen"
}
}
}
}
]
After chasing with the vendor it appears that the triggeredComponents
array will only contain one object, so I only need to look at the 0th element.