- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Extract JSON data to chart
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Extract JSON data to chart
Today, I have to create a chart from log in json format. The log is something like that:
Expired token in next 3 days {"data":[{"date":"2014-06-25","Site1":100,"Site2":23,"Site3":133},{"date":"2014-06-26","Site1":200,"Site2":223,"Site3":232},{"date":"2014-06-24","Site1":150,"Site2":342,"Site3":422}]}
Output should be a chart (column chart) which contains information about date and number of expired token for each site
The log will show the list of expire token from 3 sites for next 3 days. The json format can be changed to whatever for suitable.
Anyone please help to give me any suggestion.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ndkhoiits,
take a look at the docs about the spath command example 3, this will show you how to use spath on JSON logs.
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
based on your provided data:
{"data":
[
{"date":"2014-06-25","Name":"Site1":"Count":"100"},
{"date":"2014-06-25","Name":"Site2":"Count":"23"},
{"date":"2014-06-25","Name":"Site3":"Count":"133"}
]
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Would you like to give me a clear explanation or a sample
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
still no need for mvzip because you have per date a Site1, Site2 and Site3 entry. Personally I would add a Name=Site[1|2|3] key=value pair and a count=value per date in the JSON, much easier to handle
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This example is my real world data
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
your sites names are Site1, Site2 and Site3 in the example JSON, so no need for mvzip... or are those site names all equal and this example is your real world data?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your answer, however in my requirement there are 3 sites which need to be included in the report, so I don't know how to use mvzip in this case
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The chart can be something like that
https://docs.google.com/file/d/0B_zzVMkc4PNJN1p3LU1fMGZ4cWs
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
