How to create Indexed Field Extraction from JSON ...

manikanthkoti · ‎06-17-2020

Hi Everyone,

We are receiving below Data from HEC Token into Splunk.

{ "mirId": "Mule-111", "appVersion": "v1", "businessGroup": "Ecomm-Direct2Customer", "compress": false, "appName": "dev-pross-Ecomm-int-v1", "relational_correlationId": "22572801-b09e-11ea-9659-023335c1afde", "tracePointDescription": "Capture payload", "threadName": "[MuleRuntime].cpuLight.13: [adaptive-logger-test].adaptive-loggerFlow.CPU_LITE @6dbce5f9", "content": { "exception": "", "payload": "https://s3.console.aws.amazon.com/s3/object/unilever-ai-operationalframework/LEVEREDGE/prod/dispatch...?region=us-east-2&tab=overview", "businessFields": { }, "category": "org.unilever.apps.adaptiveloggertest" }, "environment": "TJ-Ecomm-Dev", "LogMessage": "Test-TJ-SCHED", "correlationId": "227425e0-b09e-11ea-9659-023335c1afde", "interfaceName": "Process finance Layer", "tracePoint": "START", "timestamp": "2020-06-17T13:26:21.759Z" }

We are trying to create a Indexed field for correlationId at Indexing time by using transforms.conf, props.conf, fields.conf .

How to link these conf files with inputs.conf.

Please help me in this.

Thanks&Regards,

Manikanth

How to create Indexed Field Extraction from JSON Data?

administration

development

metrics

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms