Solved: How to convert array of json in multiple split lin...

felipesodre · ‎02-28-2022

Any help is greatly appreciated.

How to convert the following json into a table?

{
"Summary":{
"jobType":"jobA",
"summaryId":22746666,
"objectsArchived":[
{
"name":"tableA",
"count":855
},
{
"name":"tableB",
"count":678
}
]
}
}

Jobtype | SummaryId | Table | Count

jobA. | 22746666. | tableA | 855

jobA. | 22746666 | tableB | 678

ITWhisperer · ‎02-28-2022

| spath Summary.objectsArchived{} output=objectsArchived
| mvexpand objectsArchived
| spath Summary.jobType output=jobType
| spath Summary.summaryId output=summaryId
| spath input=objectsArchived
| rename name as Table
| table jobType summaryId Table count

View solution in original post

ITWhisperer · ‎02-28-2022

| spath Summary.objectsArchived{} output=objectsArchived
| mvexpand objectsArchived
| spath Summary.jobType output=jobType
| spath Summary.summaryId output=summaryId
| spath input=objectsArchived
| rename name as Table
| table jobType summaryId Table count

How to convert array of json in multiple split lines?

field extraction

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

Are you a member of the Splunk Community?

How to convert array of json in multiple split lines?

field extraction

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25