Solved: Single field needs formatting

zeroCalm · ‎07-18-2017

Hello,

I am wondering is there a way to format a single field into JSON format. I have an error alert that returns the info requested, however the field "msg" is jumbled and difficult to read. However, when I take the contents of the "msg" field and plug it into a JSON converter, it is then readable.
I am very new to this, and don't have anywhere else to go. I am just wondering is there a way to format one field.

Thank you for your patience with me.

Timothy

DalJeanis · ‎07-18-2017

Okay, we understand your confusion. Now you have to give us the actual code (the non confidential part please) and the actual message.

But first, the spath command might be what you are looking for. It turns any properly formatted JSON into splunk variables.

http://docs.splunk.com/Documentation/Splunk/6.3.3/SearchReference/Spath

View solution in original post

DalJeanis · ‎07-18-2017

Okay, we understand your confusion. Now you have to give us the actual code (the non confidential part please) and the actual message.

But first, the spath command might be what you are looking for. It turns any properly formatted JSON into splunk variables.

http://docs.splunk.com/Documentation/Splunk/6.3.3/SearchReference/Spath

Single field needs formatting

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life