Solved: Re: How to parse JSON with multiple array to barch...

cuongnguyen112 · ‎10-16-2019

hi, i got data like this
{
"source": "sadmin",
"sysinfo": {
"ram": [
{
"name": "ram",
"usage": 1243
},
{
"name": "ram0",
"usage": 1215
},
{
"name": "ram1",
"usage": 2151
}
],
}
}

i need to create a barchart from these data like img below:

Can any one help me please !

kamlesh_vaghela · ‎10-16-2019

@cuongnguyen112

Can you please try this?

YOUR_SEARCH  | rename sysinfo.ram{}.* as * | eval tmp =mvzip(name,usage) | mvexpand tmp | eval name=mvindex(split(tmp,","),0),usage=mvindex(split(tmp,","),1) | table name usage

My Sample Search:

| makeresults | eval _raw="{\"source\": \"sadmin\",\"sysinfo\": {\"ram\": [{\"name\": \"ram\",\"usage\": 1243},{\"name\": \"ram0\",\"usage\": 1215},{\"name\": \"ram1\",\"usage\": 2151}],}}" | extract | rename sysinfo.ram{}.* as * | eval tmp =mvzip(name,usage) | mvexpand tmp | eval name=mvindex(split(tmp,","),0),usage=mvindex(split(tmp,","),1) | table name usage

Thanks

View solution in original post

kamlesh_vaghela · ‎10-16-2019

@cuongnguyen112

Can you please try this?

YOUR_SEARCH  | rename sysinfo.ram{}.* as * | eval tmp =mvzip(name,usage) | mvexpand tmp | eval name=mvindex(split(tmp,","),0),usage=mvindex(split(tmp,","),1) | table name usage

My Sample Search:

| makeresults | eval _raw="{\"source\": \"sadmin\",\"sysinfo\": {\"ram\": [{\"name\": \"ram\",\"usage\": 1243},{\"name\": \"ram0\",\"usage\": 1215},{\"name\": \"ram1\",\"usage\": 2151}],}}" | extract | rename sysinfo.ram{}.* as * | eval tmp =mvzip(name,usage) | mvexpand tmp | eval name=mvindex(split(tmp,","),0),usage=mvindex(split(tmp,","),1) | table name usage

Thanks

cuongnguyen112 · ‎10-17-2019

Thank you, that's totally what is need

How to parse JSON with multiple array to barchart

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How to parse JSON with multiple array to barchart

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...