Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Failed to parse a JSON string

erwanlebaron
Engager
‎09-25-2020 07:36 AM

Hi

 

I get data from an CSV file and one of the filed imported is a JSON string called "Tags" which looks like that

Tags = {"tag1": "toto" "tag2": "tata" "tag4": "titi"}  --> exemple for a line
Tags = {"tag3": "toto" "tag4": "tata"}  --> exemple for another line

 

The delimitation between key and value is <colon>+<space>
The delimitation between two key+value is <space>

 

I tried 

 

 

| spath input=Tags

 

 

but when I do

 

 

| table tag1, tag2, tag3, tag4

 

 

I get value only for tag1.

 

I tried to find a way to solve it by looking other topics but I do not succed.

I understood that my string is not correctly formatted like a "real" Json but I don't fin the command to convert my initialy field "Tags" into a correct Json format to apply the "spath" command

 

Is there anybody has an idea to do it

 

Thanks in adance

Labels (1)
Labels
Tags (3)
0 Karma
Reply

erwanlebaron
Engager
‎09-25-2020 07:52 AM

It works by doing that before the spath command

 

| eval Tags_json=replace(Tags,": ",":")
| eval Tags_json=replace(Tags_json,"\" \"","\",\"")

 

But it doesn't look very elegant...

 

There is a better solution ?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...