Re: How to compare two json objects for equality?

rmullin · ‎01-27-2021

I have a table where the x axis labels are a json object of parameters that were passed into a test. The y axis are a bar chart of min, max, and average durations per parameters. I have a drilldown that passes the x axis label into a lower chart that can view each individual duration of a specific test given the parameters. The search result comes out as something like this:

```

eventtype="my_event_type" header.run_id="my_run_id" header.type="type_of_test" payload.parameters="{"some": "json", "blob": "with", "date": "the", "parameters": "defined"}"
| mvexpand durations
| table ...

```

Splunk doesn't seem to play nice with comparing objects for equality, and I can't compare the fields directly because given the test type I don't know what the parame

rmullin · ‎01-27-2021

message got cutoff prematurely. I can't compare each field individually because I don't know what the shape of the parameters are, they change depending on what the test type is

How to compare two json objects for equality?

fields

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar

Are you a member of the Splunk Community?

How to compare two json objects for equality?

fields

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar