Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

HTTP Event Collector: Why are double quotes not escaped for a properly formatted JSON string?

unclethan
Path Finder
‎04-04-2016 04:33 PM

A properly formatted JSON string will escape the double quotes. However the HEC does not translate that accordingly.

e.g JSON message to HEC: {"event":"somefield=\"a value with spaces\""}
the value for somefield is \"a value with spaces\"
when it should have the value a value with spaces

Any information on how to rectify this would be appreciated.

Reply
1 Solution
Solved! Jump to solution
Solution

gblock_splunk
Splunk Employee
Splunk Employee
‎04-04-2016 09:30 PM

This is fixed in the next version of Splunk, 6.4 which will be shipping very soon.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gblock_splunk
Splunk Employee
Splunk Employee
‎04-04-2016 09:30 PM

This is fixed in the next version of Splunk, 6.4 which will be shipping very soon.

0 Karma
Reply
Solved! Jump to solution

IdoTwiggle
Engager
‎10-18-2016 04:41 AM

Hi,

We're currently using Splunk version 6.4.1 and still experiencing this bug.
Can you verify if / on what version was it fixed to let us know what version should we upgrade to?

Thanks,
Ido

Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...