Solved: Extract data from field

irisk · ‎06-04-2024

Hello,

I receive an event of the following format:

{ log: { 'trace_id': 'abc', 'request_time': '2024-06-04 10:49:56.470140', 'log_type': 'DEBUG', 'message': 'hello'} }

Is it possible to extract from all the events I receive the inner JSON?

* each key in the inner json will be a column value but the me

irisk · ‎06-08-2024

The problem was with the JSON because of the single quote instead of double quote, thanks for the help

gcusello · ‎06-04-2024

did you tried to use INDEXED_EXTRACTIONS = json in your sourcetype?

Ciao.

Giuseppe

irisk · ‎06-08-2024

The problem was with the JSON because of the single quote instead of double quote, thanks for the help

gcusello · ‎06-09-2024

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

Extract data from field