在下面这个由告警规则创建的 Elasticsearch 示例文档中,hits 字段下包含 3 个以逗号分隔的 JSON 对象字符串,但它们没有被包在数组 [] 中,因此在 Go 中无法直接解析。有人可以帮我解析 hits 中的文档吗?

[map[_id:2s3kfXoB2vuM1J-EwpE7 _index:alert-X _score:%!s(float64=1) _source: map[@timestamp:2021-07-06T22:16:21.818Z alert_name:alert events login hits: {"_index":".ds-logs-events-2021.06.30-000005","_type":"_doc","_id":"S83kfXoB2vuM1J-Eo4_v", ... {"_index":".ds-logs-events-2021.06.30-000005","_type":"_doc","_id":"Ss3kfXoB2vuM1J-Eo4_v",... {"_index":".ds-logs-events-2021.06.30-000005","_type":"_doc","_id":"N83kfXoB2vuM1J-EiI2l",... rule_id:cfb85000-db0e-11eb-83e0-bb11d01642c7 ]

模型:

type Alert struct {
    Alert string `json:"alert_name"`
    Hits []*Event `json:"hits"`
}
type Event struct {
    Model string
    Action string
}

我遵循了官方示例,使用的是官方 Elasticsearch 和 easyjson。
1 回答
至尊宝的传说
在 hits 的 JSON 字符串两端拼接数组方括号 "[" 和 "]",使其成为合法的 JSON 数组,之后即可反序列化(Unmarshal):
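// alert.Source.Hits is a string of comma-separated JSON objects with no
// enclosing brackets; wrapping it in "[" and "]" yields a JSON array that
// encoding/json can decode in a single call.
hitsArray := "[" + alert.Source.Hits + "]"

var hits []model.AlertHits
if err := json.Unmarshal([]byte(hitsArray), &hits); err != nil {
	// Report the decode failure instead of dropping it, and discard any
	// partially decoded elements so the loop below never acts on a truncated
	// or malformed alert payload.
	log.Printf("decoding alert hits: %v", err)
	hits = nil
}

for _, hit := range hits {
	// %q quotes and escapes the values: they are copied from indexed event
	// data, so newlines or control characters in them must not be able to
	// split or forge log lines.
	log.Printf("hit %q action %q", hit.ID, hit.Source.Message.Action)
}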
model.go
// Types used to decode the individual elements of an alert's hits array.
type (
	// AlertHits is one element of the hits array: the value of the "_id" key
	// together with the decoded "_source" object. Keys without a matching
	// field are ignored by encoding/json.
	AlertHits struct {
		ID     string `json:"_id"`
		Source Event  `json:"_source"`
	}

	// Event maps the "_source" object of a hit; only its "message" object is
	// decoded.
	Event struct {
		Message Message `json:"message"`
	}

	// Message carries the "action" and "model" string values of a hit's
	// "message" object.
	Message struct {
		Action string `json:"action"`
		Model  string `json:"model"`
	}
)