parsing mix of json and other type without Splunk ...

Getting Data In

if the field is mix of json and some other type. is it possible to parse the field at index time or search time without using spath ?

my data is some what mix of json and other format. how should I parse it without using spath command (i mean parsing at index time or search time), so that I can alias the key value pair in json format and the one in anther format:

Below is my raw logs pattern:

ssoId:023serwerwef32, RBA Request :

key=value&key=value&&key=value&key=value&key=value&key=value&key=value&key=value&key=value&key=value&key=value&key=value&key=value&key=value&key=value

,RBA Response :

{"key":value","key":value","key":value","key":value","key":value","key":value","key":value","key":value".........}

Note: Value of the above RBA Response is multiple nested json for varying sizes in different log.

Get Updates on the Splunk Community!

parsing mix of json and other type without Splunk query

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

parsing mix of json and other type without Splunk query

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem