Splunk Search

How to compare two json objects for equality?

rmullin
Loves-to-Learn Lots

I have a table where the x axis labels are a json object of parameters that were passed into a test. The y axis are a bar chart of min, max, and average durations per parameters. I have a drilldown that passes the x axis label into a lower chart that can view each individual duration of a specific test given the parameters. The search result comes out as something like this:

```

eventtype="my_event_type"  header.run_id="my_run_id" header.type="type_of_test" payload.parameters="{"some": "json", "blob": "with", "date": "the", "parameters": "defined"}"
| mvexpand durations
| table ...

```

Splunk doesn't seem to play nice with comparing objects for equality, and I can't compare the fields directly because given the test type I don't know what the parame

Labels (1)
0 Karma

rmullin
Loves-to-Learn Lots

message got cutoff prematurely. I can't compare each field individually because I don't know what the shape of the parameters are, they change depending on what the test type is

0 Karma
Get Updates on the Splunk Community!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Enhance Security Operations with Automated Threat Analysis in the Splunk EcosystemAre you leveraging ...

Splunk Developers: Go Beyond the Dashboard with These .Conf25 Sessions

  Whether you’re building custom apps, diving into SPL2, or integrating AI and machine learning into your ...

Index This | How do you write 23 only using the number 2?

July 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...