Solved: Single field needs formatting

zeroCalm · ‎07-18-2017

Hello,

I am wondering is there a way to format a single field into JSON format. I have an error alert that returns the info requested, however the field "msg" is jumbled and difficult to read. However, when I take the contents of the "msg" field and plug it into a JSON converter, it is then readable.
I am very new to this, and don't have anywhere else to go. I am just wondering is there a way to format one field.

Thank you for your patience with me.

Timothy

DalJeanis · ‎07-18-2017

Okay, we understand your confusion. Now you have to give us the actual code (the non confidential part please) and the actual message.

But first, the spath command might be what you are looking for. It turns any properly formatted JSON into splunk variables.

http://docs.splunk.com/Documentation/Splunk/6.3.3/SearchReference/Spath

View solution in original post

DalJeanis · ‎07-18-2017

Okay, we understand your confusion. Now you have to give us the actual code (the non confidential part please) and the actual message.

But first, the spath command might be what you are looking for. It turns any properly formatted JSON into splunk variables.

http://docs.splunk.com/Documentation/Splunk/6.3.3/SearchReference/Spath

Single field needs formatting

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Data Management Digest – November 2025

Are you a member of the Splunk Community?

Single field needs formatting

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Data Management Digest – November 2025