- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Need Help in converting Json data to table
I have a sample data something like below.
{
"Year": {
"Top30RequesterInOneYear": {
"Bob": 22,
"Marry": 12
},
"TotalRequestCountInOneYear": {
"9": "K",
"10": "C"
},
"Top10ActionInOneYear": {
"31": "update table",
"33": "Display log"
}
},
"Month": {
"Top30RequsterInOneMonth": {
"Foo": 3,
"Bob": 6
},
"TotalRequestCountInOneMonth": {
"1": "K",
"5": "C"
},
"Top10ActionInOneMonth": {
"10": "Display log",
"11": "update table"
}
},
"Week": {
"Top30RequesterInOneWeek": {
"Bob": 6
},
"TotalRequestCountInOneWeek": {
"15": "C"
},
"Top10ActionInOneWeek": {
"3": "update table",
"7": "display reboot"
}
}
}
The output is expected is as below. Can someone please help me on this.
Top30RequesterInOneYear
Name | Count
Bob 22
Marry 12
TotalRequestCountInOneYear
Count | Status
9 K
10 C
Top10ActionInOneYear
Count | Action
31 update table
33 Display log
Top30RequsterInOneMonth
Name | Count
Foo 3
Bob 6
TotalRequestCountInOneMonth
Count | Status
1 K
6 C
Top10ActionInOneMonth
Count | Action
10 display log
11 update table
Top30RequesterInOneWeek
Name | Count
Bob 6
TotalRequestCountInOneWeek
Count | Status
15 C
Top10ActionInOneWeek
Count | Action
3 update table
7 display reboot
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can i please get some help ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can i please get some expert help on this ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It looks like you just want to reformat the JSON output - I am not sure Splunk is the right tool for this. Have you considered using a scripting or text processing language, e.g. perl, awk, python, etc.?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a python script which talks to database and get the data in json format. Now I need to create a dashboard in splunk out of the data after retrieving in tabular format.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your script is doing you a disservice. For example, "Bob": 30, should possibly be "Name": "Bob", "count": 30
This would make the handling of the data easier in Splunk.
Also, have you considered extracting the data in Splunk using DBConnect, and building your dashboard directly from the data rather than trying to manipulate a report that your script has generated?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, I am not using DB connect as that is a sort of limitation in my project.
As i am new to splunk, looking for some help in visualizing data in tabular format.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is your question? We need a lot more information before we can help.
What help do you need? What is the dashboard expected to do? Is the data already onboarded with fields extracted? What have you tried so far and what have been the results?
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Data is not onboarded with field extracted.
