Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Need Help in converting Json data to table

Priyabrata
Loves-to-Learn
‎11-06-2023 06:23 AM

I have a sample data something like below. 

 

 

{
"Year": {
"Top30RequesterInOneYear": {
"Bob": 22,
"Marry": 12
},
"TotalRequestCountInOneYear": {
"9": "K",
"10": "C"
},
"Top10ActionInOneYear": {
"31": "update table",
"33": "Display log"
}
},
"Month": {
"Top30RequsterInOneMonth": {
"Foo": 3,
"Bob": 6
},
"TotalRequestCountInOneMonth": {
"1": "K",
"5": "C"
},
"Top10ActionInOneMonth": {
"10": "Display log",
"11": "update table"
}
},
"Week": {
"Top30RequesterInOneWeek": {
"Bob": 6
},
"TotalRequestCountInOneWeek": {
"15": "C"
},
"Top10ActionInOneWeek": {
"3": "update table",
"7": "display reboot"
}
}
}

 

The output is expected is as below. Can someone please help me on this.

Top30RequesterInOneYear
Name | Count
Bob 22
Marry 12

TotalRequestCountInOneYear
Count | Status
9 K
10 C

Top10ActionInOneYear
Count | Action
31 update table
33 Display log

Top30RequsterInOneMonth
Name | Count
Foo 3
Bob 6

TotalRequestCountInOneMonth
Count | Status
1 K
6 C

Top10ActionInOneMonth
Count | Action
10 display log
11 update table

Top30RequesterInOneWeek
Name | Count
Bob 6

TotalRequestCountInOneWeek
Count | Status
15 C

Top10ActionInOneWeek
Count | Action
3 update table
7 display reboot

Labels (1)
Labels
Tags (1)
0 Karma
Reply

Priyabrata
Loves-to-Learn
‎11-07-2023 08:19 PM

Can i please get some help ?

0 Karma
Reply

Priyabrata
Loves-to-Learn
‎11-07-2023 08:19 PM

Can i please get some expert help on this ?

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-06-2023 07:01 AM

It looks like you just want to reformat the JSON output - I am not sure Splunk is the right tool for this. Have you considered using a scripting or text processing language, e.g. perl, awk, python, etc.?

0 Karma
Reply

Priyabrata
Loves-to-Learn
‎11-06-2023 07:09 AM

I have a python script which talks to database and get the data in json format. Now I need to create a dashboard in splunk out of the data after retrieving in tabular format.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-06-2023 07:23 AM

Your script is doing you a disservice.  For example, "Bob": 30, should possibly be "Name": "Bob", "count": 30

This would make the handling of the data easier in Splunk.

Also, have you considered extracting the data in Splunk using DBConnect, and building your dashboard directly from the data rather than trying to manipulate a report that your script has generated?

0 Karma
Reply

Priyabrata
Loves-to-Learn
‎11-06-2023 08:09 PM

No, I am not using DB connect as that is a sort of limitation in my project.

As i am new to splunk, looking for some help in visualizing data in tabular format. 

 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-06-2023 06:33 AM

What is your question?  We need a lot more information before we can help. 

What help do you need?  What is the dashboard expected to do?  Is the data already onboarded with fields extracted?  What have you tried so far and what have been the results?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Priyabrata
Loves-to-Learn
‎11-06-2023 07:10 AM

Data is not onboarded with field extracted. 

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...