Re: How to Make a Table for JSON Data

apignata · ‎03-27-2023

I have the following JSON structure in my events. I am trying to figure out an SPL Query to format the JSON in a table for a dashboard. The names of the WLCs could change, so WLC-1 will not always be the first entry or have the same name. Is it possible to make a dynamic table like the one below? Thank you.

WLC-1	SSID1: 2	SSID2: 4
WLC-2	SSID1: 16	SSID3: 8
WLC-3	SSID2: 6	SSID3: 6	SSID4: 9

{ 
   WLC-1: { 
     SSID1: 2
     SSID2: 4
   }
   WLC-2: {
     SSID1: 16
     SSID3: 8
   }
   WLC-3: {
     SSID2: 6
     SSID3: 6
     SSID4: 9
   }
}

gcusello · ‎03-27-2023

Hi @apignata,

you could use the INDEXED_EXTRACTIONS=json option in the props.conf (https://docs.splunk.com/Documentation/Splunk/9.0.4/admin/Propsconf), in this way all the fields are automatically extracted.

In addition you could also use the spath command (https://docs.splunk.com/Documentation/Splunk/9.0.4/SearchReference/Spath) that makes the same thing.

Ciao.

Giuseppe

How to Make a Table for JSON Data?

fields

stats

table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation