Solved: Re: Json parsing

incoghnito_1 · ‎12-07-2021

Hello ,
I realy hope you can help me !! 🙂
I have a json from API request (dynatrace).

I would like to have the value agent version for each host

How can i do this ?

My command :

***index="dynatrace_hp" "agentVersion.major"="*" "agentVersion.major"="*" "agentVersion.minor"="*" esxiHostName="*" | stats values(esxiHostName, ) values(agentVersion.minor)***

Thx for you Help !!!

Vardhan · ‎12-07-2021

Hi @incoghnito_1

Try the below SPL command

index="dynatrace_hp" "agentVersion.major"="*" "agentVersion.major"="*" "agentVersion.minor"="*" esxiHostName="*" | stats values(agentVersion.minor) by esxiHostName

View solution in original post

incoghnito_1 · ‎12-07-2021

thx for your help !
I have difficulty having the agents version for each hosts I am looking for the command to do this

Vardhan · ‎12-07-2021

Hi @incoghnito_1

Try the below SPL command

index="dynatrace_hp" "agentVersion.major"="*" "agentVersion.major"="*" "agentVersion.minor"="*" esxiHostName="*" | stats values(agentVersion.minor) by esxiHostName

incoghnito_1 · ‎12-07-2021

works thx you very much have a good day !

gcusello · ‎12-07-2021

Hi @incoghnito_1,

good for you, see next time!

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

gcusello · ‎12-07-2021

Hi @incoghnito_1,

let me understand: have you problems in field extractions or in the stats command?

in other words, if you run the main search (without the stats command), have you the fields to use in the stats command or not?

if not you could use the "spath" command or a regex to exctract the needed fields fields.

Ciao.

Giuseppe

Json parsing

other

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?