Edge Delta JSON Unescape Processor

Extract escaped content and convert it to an unescaped format.

Overview

The JSON Unescape Processor “unescapes” characters from a string. This is useful when working with compressed strings that have escape characters in them or when dealing with escaped JSON.

  • incoming_data_types: log
  • outgoing_data_types: log

Example Configuration

- name: unescape_json_test
  type: unescape_json
  process_field: item["body"]
  field_path: item.attributes.unescaped

In this example the body is extracted and reformatted without escape characters, and the result is upserted into an attributes field called unescaped.

Input log:

Suppose a web service is handling an exception and it logs a structured error message in JSON format. The details field is a string that contains JSON so, in this scenario, the quotes within the JSON structure need to be escaped to be valid within the outer JSON string.

{"timestamp": "2024-12-27T11:00:00Z", "service": "payment-service-node17", "severity": "error", "error_message": "Failed to process payment", "details": "{\"error_code\": \"INV_PAY\", \"error_detail\": \"Payment method not supported\", \"transaction_id\": \"TX12345ABC\"}"}

Input log formatted for readability:

{
  "timestamp": "2024-12-27T11:00:00Z",
  "service": "payment-service-node17",
  "severity": "error",
  "error_message": "Failed to process payment",
  "details": "{\"error_code\": \"INV_PAY\", \"error_detail\": \"Payment method not supported\", \"transaction_id\": \"TX12345ABC\"}"
}

Output Log:

The input log is unescaped using the unescape_json node to extract the details for further analysis, parsing or alerting. The attributes.unescaped field contains the string representation of the entire log with the JSON in the details field unescaped. The unescaped content is not parsed into a structured JSON object.

Note the GUI formats logs when displaying them. Therefore the escapes appear to be removed in the body section of the GUI, but the log in the archive still contains them:

Body:

{"timestamp": "2024-12-27T11:00:00Z", "service": "payment-service-node17", "severity": "error", "error_message": "Failed to process payment", "details": "{\"error_code\": \"INV_PAY\", \"error_detail\": \"Payment method not supported\", \"transaction_id\": \"TX12345ABC\"}"}

Attributes:

{
  "event.domain": "",
  "event.name": "",
  "unescaped": "{\"details\":{\"error_code\":\"INV_PAY\",\"error_detail\":\"Payment method not supported\",\"transaction_id\":\"TX12345ABC\"},\"error_message\":\"Failed to process payment\",\"service\":\"payment-service-node17\",\"severity\":\"error\",\"timestamp\":\"2024-12-27T11:00:00Z\"}"
}

Required Parameters

name

A descriptive name for the node. This is the name that will appear in Visual Pipelines and you can reference this node in the yaml using the name. It must be unique across all nodes. It is a yaml list element so it begins with a - and a space followed by the string. It is a required parameter for all nodes.

nodes:
  - name: <node name>
    type: <node type>

type: unescape_json

The type parameter specifies the type of node being configured. It is specified as a string from a closed list of node types. It is a required parameter.

nodes:
  - name: <node name>
    type: <node type>

Optional Parameters

process_field

The process_field parameter defines the field containing the escaped characters. It is specified with CEL or a field path and is optional. The default is item["body"].

nodes:
  - name: unescape_characters
    type: unescape_json
    process_field: item["body"]
    field_path: item.attributes.unescaped

field_path

The field_path parameter defines the field into which the unescape string will be upserted. It is specified with a dot separated path reference or bracket notation and is optional. If unspecified, the process_field will be used meaning the unescaped string will replace the escaped string.

nodes:
  - name: unescape_characters
    type: unescape_json
    process_field: item["body"]
    field_path: item.attributes.unescaped