Solved: Re: How to onboard json file data to splunk?

karthi2809 · ‎05-31-2022

Hi ,

Thanks in Advance

I am trying to onboard json file data to splunk .But i am not forwarding all the data from json file.

My json file format

{
"aaa": {
"modified_files": [
"a/D:\\\\splunk\\\\Repos\\\\/.git/HEAD",
"a/D:\\\\splunk\\\\Repos\\\\/.git/config",
"a/D:\\\\splunk\\\\Repos\\\\/.git/index",
"a/D:\\\\splunk\\\\Repos\\\\/.git/logs/HEAD"]

},

"bbb": {
"modified_files": [

"b/D:\\\\splunk\\\\Repos\\\\/.git/HEAD",
"b/D:\\\\splunk\\\\Repos\\\\/.git/config",
"b/D:\\\\splunk\\\\Repos\\\\/.git/index",
"b/D:\\\\splunk\\\\Repos\\\\/.git/logs/HEAD"

]
}
}

I am getting result as like this

{
"aaa": {
"modified_files": [
"a/D:\\\\splunk\\\\Repos\\\\/.git/HEAD",
"a/D:\\\\splunk\\\\Repos\\\\/.git/config",
"a/D:\\\\splunk\\\\Repos\\\\/.git/index",
"a/D:\\\\splunk\\\\Repos\\\\/.git/logs/HEAD"

SinghK · ‎05-31-2022

Create a normal file monitor input and choose source type as json_no_timestamp

View solution in original post

SinghK · ‎05-31-2022

Create a normal file monitor input and choose source type as json_no_timestamp

karthi2809 · ‎05-31-2022

Keep on monitoring the file in daily basis

SinghK · ‎05-31-2022

Check the link I have posted below.

karthi2809 · ‎05-31-2022

But i need to monitor json file

SinghK · ‎05-31-2022

for more info refer t o the link below

https://docs.splunk.com/Documentation/Splunk/8.2.6/Data/Monitorfilesanddirectorieswithinputs.conf

SinghK · ‎05-31-2022

File input does the same thing , it monitors file.

How to onboard json file data to Splunk?

JSON

universal forwarder

The OpenTelemetry Certified Associate (OTCA) Exam

From Manual to Agentic: Level Up Your SOC at Cisco Live

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Join the Conversation