Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk universal forwarder

vj5
New Member
‎06-25-2018 01:12 PM

Developers are sending a log in json format. But splunkforwarder is reading the log as single line text.
What migt the issue ?. Any help is appreciated.
Thanks in advance

Tags (1)
0 Karma
Reply

ddrillic
Ultra Champion
‎06-25-2018 02:06 PM

Try What are the requirements for a perfect Splunk JSON document?

You might need in props.conf -

INDEXED_EXTRACTIONS = json
category = Structured
0 Karma
Reply

vj5
New Member
‎06-25-2018 03:08 PM

@ddrillic and @amifath Thanks for you responses.

Now I am getting my log as
{ [-]
log: {someinformation of appication here {msg"a":"1","b":"2","c":"3","d":"4"
}

I want my log to be as below
{ [-]
log: {someinformation of appication here {msg-"a":"1","b":"2","c":"3","d":"4"}
}
msg-{
a:1
b:2
c:3
d:4
}

Devlopers are passing the log as json format but when it coming into splunk ui it is converting into invalid JSON.

0 Karma
Reply

amiftah
Communicator
‎06-25-2018 01:52 PM

If you mean one event by single line text and your json file has one node then it's normal to have that result, try to use spath command to extract more fields:
http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Spath

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...