Create Two Temporary Events for Troubleshooting - Example 2 | LogScale Query Examples

Create Two Temporary Events for Troubleshooting - Example 2

Create two temporary events for testing or troubleshooting using the createEvents() function with parseJson()

Query

flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0@{ shape: doc, label: "Source or File" } 1[\Add Field/] result{{Result Set}} repo --> 0 0 --> 1 1 --> result

logscale

createEvents(["{\"animal\":{\"kind\":\"dog\", \"weight\":7.0}}", "{\"animal\":{\"kind\":\"cat\", \"weight\":4.2}}"])
| parseJson()

Introduction

The createEvents() function generates temporary events as part of the query. The function is ideal for generating sample data for testing or troubleshooting.

In this example, the createEvents() function is combined with parseJson() to parse @rawstring as JSON.

Example incoming data might look like this:

json

[
{"animal":{"kind":"dog", "weight":7.0}},
{"animal":{"kind":"cat", "weight":4.2}}
]

Step-by-Step

Starting with the source repository events.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0@{ shape: doc, label: "Source or File" } 1[\Add Field/] result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
createEvents(["{\"animal\":{\"kind\":\"dog\", \"weight\":7.0}}", "{\"animal\":{\"kind\":\"cat\", \"weight\":4.2}}"])
```
Creates two temporary events. An event with dog and an event with cat.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0@{ shape: doc, label: "Source or File" } 1[\Add Field/] result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 1 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
| parseJson()
```
Parses specified fields as JSON.
Event Result set.