In the JSON parser, we have several operators which need to be used at different levels.
_vars - allows you to define variable which can be used later on in the script. The parser will basically replace the vars throughout the script with the value you set. For example, this:
_vars:
root: $.blahblah
Means "${root}" will be replaced with "$.blahblah" throughout the script.
_tags:
"os.name":
_constant: "panos"
"os.version":
_value: "$.system.sw-version"
"vendor":
_constant: "paloaltonetworks"
"model":
_value: "$.system.model"
_metrics:
-
_value.double:
_count: "$.entries[0:]"
_tags:
"im.name":
_constant: "routes-usage"
A few things to note:
_optional_metrics
instead of _metrics
, one could override this behavior and not fail the command when no metrics are parsed.The "_value.*" operator is used to determine the type of metric (more on this below). The "_value" operator and the "_value.double|complex" are two very different things. The first is used to capture the contents of a specific JsonPath, whereas the second is a header of a section telling the parser what type of metric this is.
The "_tags" section here is not the same as the one at the root level (described above). Rather, these are tags to attach to the metric.
Metrics can be either DOUBLE (a number) or COMPLEX (essentially a JSON structure):
_value.double:
_constant: "1"
_tags:
im.dsType:
_constant: "counter"
When grabbing a value (for the double metric, for a temporary variable (discussed further below) or for a value in a JSON structure), you can use these operators:
In order to iterate over multiple elements which match a certain JsonPath (for example, a list of users, or a list of disks), use the _groups section. For example:
_metrics: - _groups: $.jobs[0:]: # This will iterate over an array of elements under "jobs". _value.complex: id: _value: "id" status: _value: "status" result: _value: "result" details: _value: "details" _tags: "im.name": _constant: "jobs" _value: complex-array # Tells the parser to treat this as a JSON array - multiple objects, each has the id, status, result and details keys |
Lastly, there's the _transform block. This allows you to translate the contents you've pulled from the XML to the format the metrics need. You use AWK to do this. For example:
_metrics: - _tags: "im.name": _constant: "uptime-seconds" "live-config": _constant: "true" "display-name": _constant: "Uptime" "im.dstype.displayType": _constant: "seconds" _temp: "uptime": _value: $.system.uptime _transform: _value.double: | { # 230 days, 16:57:34 split("${temp.uptime}", vals, " ") if (arraylen(vals) == 3 && vals[2] == "days,") { # 230 days, 16:57:34 days = vals[1] split(vals[3], timevals, ":") hours = timevals[1] minutes = timevals[2] seconds = timevals[3] uptime = (days * 3600 * 24) + (hours * 3600) + (minutes * 60) + seconds print uptime } } |
_metrics: - _groups: $.config.ntp[0:]: _temp: status: _value: "status" _tags: name: _value: "name" "im.name": _constant: "ntp-server-state" "live-config": _constant: "true" "display-name": _constant: "NTP Servers - State" "im.dstype.displayType": _constant: "state" "im.identity-tags": _constant: "name" _transform: _value.double: | { if ("${temp.status}" == "synched") {print "1.0"} else {print "0.0"} } |