Re: Exporting in JSON

chipmunk · ‎08-31-2010

outputcsv exports data in csv format. Can I output it to .json format ?

doksu · ‎04-06-2017

I just wrote an app that can create JSON in-line: https://splunkbase.splunk.com/app/3540/

With this you could convert _raw (and any other fields not from _raw) to JSON, then export a "csv" with one field containing the JSON.

... | mkjson outputfield=json | table json | outputcsv mycsv

Be sure to read the Usage guide (https://github.com/doksu/TA-jsontools/wiki#usage-1) which has a range of examples.

manish_singh_77 · ‎11-19-2019

@doksu

I have a query where we are trying to output the results into csv but now we would like to have that in json format.

Can we do that through this app?

doksu · ‎01-09-2020

I'm not sure I understand the question. Splunk cannot write to a json file, however you can produce JSON using the mkjson command as seen above then pipe that to another command like outputcsv to dump that to disk (JSON inside a CSV).

Stephen_Sorkin · ‎08-31-2010

There is no analogous search command to write a JSON formatted file from within a search itself. You can run a search using the REST API (http://www.splunk.com/base/Documentation/latest/Developer/RESTIntro) and fetch the results in JSON format using the argument output_mode=json from the events, results or results_preview resources.

Exporting in JSON

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation