JSON Jiu Jitsu: Has JSON Parsing Got You in a Chokehold?

From malformed fields to endlessly nested objects, JSON logs can feel like they’re trying to submit your SIEM. In this technical session, we’ll demonstrate how to turn that chokehold into a clean takedown using Graylog’s parsing, normalization, and enrichment capabilities.

You’ll learn how to:

• Quickly ingest and parse JSON from cloud, endpoint, and sources - Normalize fields with pipelines so your searches, dashboards, and alerts just work
• Enrich JSON data with threat intel and asset context without breaking a sweat
• Avoid performance and cost traps when dealing with large JSON payloads.

Whether you’re a SOC analyst tired of regex wrestling or an admin looking to streamline onboarding, you’ll leave with practical techniques to make messy JSON your sparring partner—not your opponent.