https://community.splunk.com/t5/Splunk-Search/How-to-split-Json-array-using-Splunk-Search-commands/m-p/289272#M87526 <P>Hi @ajayabburi508,<BR /> try this regex:</P> <PRE><CODE>|rex max_match=0 field=geom "\[(?&lt;value1&gt;-[^,]+),(?&lt;value2&gt;[^]]+)" </CODE></PRE> <P>after this to separate multivalue fields you can try :</P> <PRE><CODE>|eval combined=mvzip(value1,value2)| mvexpand combined | makemv combined delim="," |eval lat=mvindex(combined,0), lon=mvindex(combined,1) </CODE></PRE> Sat, 17 Feb 2018 08:12:11 GMT 493669 2018-02-17T08:12:11Z https://community.splunk.com/t5/Splunk-Search/How-to-split-Json-array-using-Splunk-Search-commands/m-p/289271#M87525 <P>My Query is : </P> <P>|inputlookup geo_jj | eval types = "{\"geom\": " + geom + "}" | spath input=types </P> <P>i got output in geom column is :</P> <P>geom</P> <P>{"type":"MultiPolygon","coordinates":[[[[-105.8203125,31.052934646606445],[-105.8203125,48.806861877441406],[-88.06640625,48.806861877441406],[-88.06640625,31.052934646606445],[-105.8203125,31.052934646606445]]]]}</P> <P>But i want output like this </P> <P>value1 value2<BR /> -105.8203125 31.052934646606445<BR /> -105.8203125 48.806861877441406<BR /> -88.06640625 48.806861877441406<BR /> -88.06640625 31.052934646606445<BR /> -105.8203125 31.052934646606445</P> <P>Please help me for this</P> Sat, 17 Feb 2018 07:48:50 GMT https://community.splunk.com/t5/Splunk-Search/How-to-split-Json-array-using-Splunk-Search-commands/m-p/289271#M87525 ajayabburi508 2018-02-17T07:48:50Z https://community.splunk.com/t5/Splunk-Search/How-to-split-Json-array-using-Splunk-Search-commands/m-p/289272#M87526 <P>Hi @ajayabburi508,<BR /> try this regex:</P> <PRE><CODE>|rex max_match=0 field=geom "\[(?&lt;value1&gt;-[^,]+),(?&lt;value2&gt;[^]]+)" </CODE></PRE> <P>after this to separate multivalue fields you can try :</P> <PRE><CODE>|eval combined=mvzip(value1,value2)| mvexpand combined | makemv combined delim="," |eval lat=mvindex(combined,0), lon=mvindex(combined,1) </CODE></PRE> Sat, 17 Feb 2018 08:12:11 GMT https://community.splunk.com/t5/Splunk-Search/How-to-split-Json-array-using-Splunk-Search-commands/m-p/289272#M87526 493669 2018-02-17T08:12:11Z https://community.splunk.com/t5/Splunk-Search/How-to-split-Json-array-using-Splunk-Search-commands/m-p/289273#M87527 <P>Thanks 493669 alot ,it is working good</P> Sat, 17 Feb 2018 09:24:55 GMT https://community.splunk.com/t5/Splunk-Search/How-to-split-Json-array-using-Splunk-Search-commands/m-p/289273#M87527 ajayabburi508 2018-02-17T09:24:55Z https://community.splunk.com/t5/Splunk-Search/How-to-split-Json-array-using-Splunk-Search-commands/m-p/289274#M87528 <P>Glad to help:) please accept the answer so that it will no longer open.</P> Sat, 17 Feb 2018 09:48:37 GMT https://community.splunk.com/t5/Splunk-Search/How-to-split-Json-array-using-Splunk-Search-commands/m-p/289274#M87528 493669 2018-02-17T09:48:37Z https://community.splunk.com/t5/Splunk-Search/How-to-split-Json-array-using-Splunk-Search-commands/m-p/289275#M87529 <P>Accepted bro</P> Sat, 17 Feb 2018 10:31:35 GMT https://community.splunk.com/t5/Splunk-Search/How-to-split-Json-array-using-Splunk-Search-commands/m-p/289275#M87529 ajayabburi508 2018-02-17T10:31:35Z