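In the sample Elasticsearch document below, created by an alert rule, hits contains 3 comma-separated JSON object strings, but they are not enclosed in an array [], so they cannot be parsed in Go.
Can anyone help me parse the hits documents?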
[map[_id:2s3kfXoB2vuM1J-EwpE7 _index:alert-X _score:%!s(float64=1)
_source:
map[@timestamp:2021-07-06T22:16:21.818Z
alert_name:alert events login
hits:
{"_index":".ds-logs-events-2021.06.30-000005","_type":"_doc","_id":"S83kfXoB2vuM1J-Eo4_v", ...
{"_index":".ds-logs-events-2021.06.30-000005","_type":"_doc","_id":"Ss3kfXoB2vuM1J-Eo4_v",...
{"_index":".ds-logs-events-2021.06.30-000005","_type":"_doc","_id":"N83kfXoB2vuM1J-EiI2l",...
rule_id:cfb85000-db0e-11eb-83e0-bb11d01642c7
]
Model
type Alert struct {
	Alert string   `json:"alert_name"`
	Hits  []*Event `json:"hits"`
}
type Event struct {
	Model  string
	Action string
}
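Following the official example, using the official go-elasticsearch and easyjson.
Concatenated the JSON string with array brackets and was able to unmarshal it.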
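// Wrap the comma-separated objects in [] so they form a valid JSON array.
hitsArray := "[" + alert.Source.Hits + "]"
var hits []model.AlertHits
if err := json.Unmarshal([]byte(hitsArray), &hits); err != nil {
	log.Printf("unmarshal hits: %v", err)
}
for _, hit := range hits {
	log.Printf("hit %s action %s", hit.ID, hit.Source.Message.Action)
}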
model.go
type AlertHits struct {
	ID     string `json:"_id"`
	Source Event  `json:"_source"`
}
type Event struct {
	Message Message `json:"message"`
}
type Message struct {
	Action string `json:"action"`
	Model  string `json:"model"`
}
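The bracket-wrapping approach from the answer, as an added example that is not part of the original posts: it streams the wrapped array with json.Decoder so a malformed or truncated hit in the alert payload is reported with its index instead of failing silently. `ParseHits` and `sampleHits` are hypothetical names, and the sample input is constructed to match the shape of the hits field in the question.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Types mirror the model.go posted in the answer.
type AlertHits struct {
	ID     string `json:"_id"`
	Source Event  `json:"_source"`
}
type Event struct {
	Message Message `json:"message"`
}
type Message struct {
	Action string `json:"action"`
	Model  string `json:"model"`
}

// ParseHits (hypothetical helper) wraps the comma-separated objects in []
// and decodes them one element at a time. An empty string yields no hits.
// On error it returns the hits decoded so far plus the failing index.
func ParseHits(raw string) ([]AlertHits, error) {
	dec := json.NewDecoder(strings.NewReader("[" + raw + "]"))
	if _, err := dec.Token(); err != nil { // consume the opening '['
		return nil, err
	}
	var hits []AlertHits
	for i := 0; dec.More(); i++ {
		var h AlertHits
		if err := dec.Decode(&h); err != nil {
			return hits, fmt.Errorf("hit %d: %w", i, err)
		}
		hits = append(hits, h)
	}
	if _, err := dec.Token(); err != nil { // consume the closing ']'
		return hits, fmt.Errorf("hits list not terminated: %w", err)
	}
	return hits, nil
}

// Constructed sample input, shaped like the hits field in the question.
const sampleHits = `{"_index":"logs","_id":"a1","_source":{"message":{"action":"login","model":"user"}}},
{"_index":"logs","_id":"a2","_source":{"message":{"action":"logout","model":"user"}}}`

func main() {
	fmt.Println(ParseHits(sampleHits))
}
```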