Re: how to sum the machine OS in a JSON file

garumaru · ‎05-15-2020

Hi Guys,

I have a JSON file for OS type in some cluster like below:

{
"clusterA": ubuntu,
"clusterA": ubuntu,
"clusterA": rhel5,
"clusterA": sles11,
"clusterB": sles11,
"clusterB": sles11,
"clusterB": ubuntu,
"clusterC": centos,
"clusterC": ubuntu
...
}

I'd like sum the OS type for each cluster, like in above sample, 2 ubuntu in clusterA, 1 rhel5 in clusterA etc.
Would you please kindly help out?

Thank you!

vnravikumar · ‎05-15-2020

Hi

Check this

| makeresults 
| eval json="{\"clusterA\": ubuntu,
 \"clusterA\": ubuntu,
 \"clusterA\": rhel5,
 \"clusterA\": sles11,
 \"clusterB\": sles11,
 \"clusterB\": sles11,
 \"clusterB\": ubuntu,
 \"clusterC\": centos,
 \"clusterC\": ubuntu}" 
| eval json=replace(json,"\"|{|\s|}","") 
| makemv delim="," json 
| mvexpand json 
| eval temp=split(json,":"),cluster=mvindex(temp,0),os=mvindex(temp,1) 
| stats count by cluster,os

to4kawa · ‎05-15-2020

| makeresults 
| eval _raw="{\"clusterA\": ubuntu,
\"clusterA\": ubuntu,
\"clusterA\": rhel5,
\"clusterA\": sles11,
\"clusterB\": sles11,
\"clusterB\": sles11,
\"clusterB\": ubuntu,
\"clusterC\": centos,
\"clusterC\": ubuntu}"
| rex mode=sed "s/: (\w+)/: \"\1\"/g"
| spath
| foreach cluster* [ eval <<FIELD>> = mvjoin('<<FIELD>>' , ",")]
| untable _time cluster OS
| eval OS = split(OS,",")
| mvexpand OS
| stats count by OS cluster
| sort cluster

how to sum the machine OS in a JSON file

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor