Find first matching node of json

nainil0683 · ‎09-26-2024

Hi,

Based on the following json document, I want to find the value of "Geography" where City is input.

Here is the json:

{
    "Company" : "Microsoft",
    "Cloud" : "Azure",
    "DataCenters" : [
        {
            "Geography" : "USA",
            "Region" : "East",
            "City": "New York"
        },
        {
            "Geography" : "India",
            "Region" : "West",
            "City": "Ahmedabad"
        }, 
        {
            "Geography" : "USA",
            "Region" : "West",
            "City": "San Fransisco"
        },
        {
            "Geography" : "South Africa",
            "Region" : "West",
            "City": "Capetown"
        }
    ]
}

Can somebody please help me fetch this information. Thanks.

yuanliu · ‎09-26-2024

Assuming you already have a token $City_tok$ from the input, mvexpand is the most traditional way to do it

| spath path=DataCenters{}
| mvexpand DataCenters{}
| spath input=DataCenters{}
| whree City == "$City_tok$"

If mvexpand is a problem in your environment, there are other ways.

Find first matching node of json

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

Find first matching node of json

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits