Solved: Re: How to onboard json file data to splunk?

karthi2809 · ‎05-31-2022

Hi ,

Thanks in Advance

I am trying to onboard json file data to splunk .But i am not forwarding all the data from json file.

My json file format

{
"aaa": {
"modified_files": [
"a/D:\\\\splunk\\\\Repos\\\\/.git/HEAD",
"a/D:\\\\splunk\\\\Repos\\\\/.git/config",
"a/D:\\\\splunk\\\\Repos\\\\/.git/index",
"a/D:\\\\splunk\\\\Repos\\\\/.git/logs/HEAD"]

},

"bbb": {
"modified_files": [

"b/D:\\\\splunk\\\\Repos\\\\/.git/HEAD",
"b/D:\\\\splunk\\\\Repos\\\\/.git/config",
"b/D:\\\\splunk\\\\Repos\\\\/.git/index",
"b/D:\\\\splunk\\\\Repos\\\\/.git/logs/HEAD"

]
}
}

I am getting result as like this

{
"aaa": {
"modified_files": [
"a/D:\\\\splunk\\\\Repos\\\\/.git/HEAD",
"a/D:\\\\splunk\\\\Repos\\\\/.git/config",
"a/D:\\\\splunk\\\\Repos\\\\/.git/index",
"a/D:\\\\splunk\\\\Repos\\\\/.git/logs/HEAD"

SinghK · ‎05-31-2022

Create a normal file monitor input and choose source type as json_no_timestamp

View solution in original post

SinghK · ‎05-31-2022

Create a normal file monitor input and choose source type as json_no_timestamp

karthi2809 · ‎05-31-2022

Keep on monitoring the file in daily basis

SinghK · ‎05-31-2022

Check the link I have posted below.

karthi2809 · ‎05-31-2022

But i need to monitor json file

SinghK · ‎05-31-2022

for more info refer t o the link below

https://docs.splunk.com/Documentation/Splunk/8.2.6/Data/Monitorfilesanddirectorieswithinputs.conf

SinghK · ‎05-31-2022

File input does the same thing , it monitors file.

How to onboard json file data to Splunk?

JSON

universal forwarder

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Developer Spotlight with Mika Borner

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

Join the Conversation