Tools for parse JSON-like logs for collecting unique fields and events

Tool for parsing JSON-like logs and collecting the set of unique fields and events. Its main purpose is to take JSON data containing the typical events and fields you see in practice, which is useful when you want to build a mapping schema for a database and reduce the risk of forgotten fields. By default the separator between nested structs is "->", but you can change it through the environment.

The API consists of:

-  POST /v1/json/
-  POST /v1/mjson/
-  GET /v1/fields/
-  GET /v1/events/
-  GET /v1/events/:logname/:eventid
-  DELETE /v1/events/:logname/:eventid
-  DELETE /v1/fields/:field

P.S. Additionally, info about every new event/field is printed to stdout.
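To make concrete what "collecting unique fields" with the "->" separator means, here is an added Go example (not the project's own code). It flattens nested JSON objects into separator-joined paths, accepts either a single object or an array of objects the way /v1/json/ and /v1/mjson/ do, and remembers which paths have been seen. It goes one step beyond the README by recording the JSON type observed per field and marking a field that shows up with two different types (e.g. "pid":"1" and "pid":1) as "mixed", since that is precisely the case a database mapping has to resolve. The sample messages are constructed from the curl examples below plus one nested event.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// flatten walks a decoded JSON object and records every leaf as a path such
// as "event->system->id", joined with sep. Arrays are recorded as one field;
// the value stored is the Go type reported by %T (string, float64 for JSON
// numbers, bool, []interface {} for arrays, <nil> for null).
func flatten(prefix string, obj map[string]interface{}, sep string, out map[string]string) {
	for k, v := range obj {
		path := k
		if prefix != "" {
			path = prefix + sep + k
		}
		if child, ok := v.(map[string]interface{}); ok {
			flatten(path, child, sep, out)
			continue
		}
		out[path] = fmt.Sprintf("%T", v)
	}
}

// Collector keeps the unique fields seen so far, like the service's
// /v1/fields/ endpoint, together with the type observed for each.
type Collector struct {
	sep    string
	fields map[string]string
}

// NewCollector takes the separator used between nested keys ("->" by default).
func NewCollector(sep string) *Collector {
	return &Collector{sep: sep, fields: map[string]string{}}
}

// Add accepts either one JSON object (as /v1/json/ does) or an array of
// objects (as /v1/mjson/ does) and returns the sorted paths not seen before.
// A path already known with a different type is marked "mixed".
func (c *Collector) Add(body []byte) ([]string, error) {
	var msgs []map[string]interface{}
	if err := json.Unmarshal(body, &msgs); err != nil {
		var one map[string]interface{}
		if err := json.Unmarshal(body, &one); err != nil {
			return nil, err
		}
		msgs = []map[string]interface{}{one}
	}
	added := []string{}
	for _, m := range msgs {
		seen := map[string]string{}
		flatten("", m, c.sep, seen)
		for path, typ := range seen {
			old, known := c.fields[path]
			switch {
			case !known:
				c.fields[path] = typ
				added = append(added, path)
			case old != typ && old != "mixed":
				c.fields[path] = "mixed"
			}
		}
	}
	sort.Strings(added)
	return added, nil
}

// Fields returns every unique path in sorted order.
func (c *Collector) Fields() []string {
	paths := make([]string, 0, len(c.fields))
	for p := range c.fields {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	return paths
}

// Type reports the type recorded for a path ("mixed" if it varied, "" if unknown).
func (c *Collector) Type(path string) string { return c.fields[path] }

func main() {
	c := NewCollector("->") // the README's default separator
	// Constructed samples: the README's two curl bodies, then a nested event
	// that also reuses pid with a different type.
	samples := []string{
		`{"process_name": "calc.exe", "process_path":"C:\\windows\\system32"}`,
		`[{"process_name": "calc.exe", "process_path":"C:\\windows\\system32"},{"process_image": "calc.exe", "process_path":"C:\\windows\\system32"},{"pid":"1"}]`,
		`{"event":{"logname":"Sysmon","system":{"id":999}},"pid":1}`,
	}
	for _, s := range samples {
		added, err := c.Add([]byte(s))
		if err != nil {
			fmt.Println("bad input:", err)
			continue
		}
		fmt.Println("new fields:", added) // like the stdout report the README mentions
	}
	fmt.Println("all fields:", c.Fields(), "pid type:", c.Type("pid"))
}
```

Running it prints the newly discovered paths per request and finally all six paths, with pid reported as "mixed"; swap the separator passed to NewCollector to see the paths change shape.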


docker build . -t parsefield
docker run -d -p 8000:8000 parsefield

or, with docker-compose (the 8000:8000 port mapping then comes from docker-compose.yml, and -d belongs to the up subcommand):

docker-compose up -d

The README documents no authentication on any endpoint, the DELETE ones included, so keep port 8000 on the loopback interface unless you put an authenticating proxy in front of it, e.g. docker run -d -p 127.0.0.1:8000:8000 parsefield.


Push a new log for parsing (the examples below assume the service is reachable at http://localhost:8000, as in the docker run above; the URLs follow the API list)

Single message per request

curl -X POST -d '{"process_name": "calc.exe", "process_path":"C:\\windows\\system32"}' http://localhost:8000/v1/json/

Multiple messages per request

curl -X POST -d '[{"process_name": "calc.exe", "process_path":"C:\\windows\\system32"},{"process_image": "calc.exe", "process_path":"C:\\windows\\system32"},{"pid":"1"}]' http://localhost:8000/v1/mjson/

All unique fields

curl http://localhost:8000/v1/fields/

All unique events

curl http://localhost:8000/v1/events/

Show body of event (logname Sysmon, eventId 999)

curl http://localhost:8000/v1/events/Sysmon/999

Delete events, fields

curl -X DELETE http://localhost:8000/v1/events/Sysmon/999 - delete events with logname Sysmon and eventId 999
curl -X DELETE http://localhost:8000/v1/fields/key - delete the field named key