splunksplunk-query
splunk how to extract object to table
example event
{
"test": {
"x": "y",
"a": "b",
"code": {
"one" : {
"two": {
"c": "d"
}
}
}
}
}
how can I extract some parts of code block and present them as table. example
one | c
I have tried putting together a query but not sure how to extract specific fields
| spath
| spath test.code{} output=code
| mvexpand code
Solution
| makeresults
| eval _raw="{
\"test\": {
\"x\": \"y\",
\"a\": \"b\",
\"code\": {
\"one\" : {
\"two\": {
\"c\": \"d\"
}
}
}
}
}"
| spath test.code output=code
| table code
| spath input=code
the key idea here is the input=code, Spath command takes input as an option argument for which field to find the json to extract the values from. Spath link
the results from the example given are:
- Math.Sin() gives incorrect value
- How to run my python script when the sunOS is start booting
- Express-session: not resetting cookie expiration on each request
- Getting a stack overflow exception when normalizing a vector
- Edit default summary function in R gives error for multiple variables
- What was a For loop? Why isn't it needed in R?
- How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
- Why are there two assignment operators, `<-` and `->` in R?
- lm()$assign: what is it?
- How to get the value of list(...) in R and S functions
- Design matrix for MLM from library(lme4) with fixed and random effects
- how to generate elements not included in my sample
- Create a matrix with gradually changing values without a for loop
- Emacs ESS and S-plus ( S+ ) 8.1 compatability
- How to lag date-index in a time-series in R?
- Nonlinear regression in R / S
- Calling R from S-Plus?