Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to extract Json file format as Fields using pr...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to extract Json file format as Fields using props.conf and Transform.conf file?
karthi2809
Builder
06-01-2022
10:48 PM
Hi ,
Thanks in Advance,
My json file .
how to extract fields using props and transform configuration file.
{
"AAA": {
"modified_files": [
"a/D:\\\\splunk\\\\A / ui/.env",
"a/D:\\\\splunk\\\\A / ui/.env.example",
"a/D:\\\\splunk\\\\B / ui/.env",
"a/D:\\\\splunk\\\\B / ui/.env.example"
]
}
}{
"BBB": {
"modified_files": [
"a/D:\\\\splunk\\\\A / ui/.env",
"a/D:\\\\splunk\\\\A / ui/.env.example",
"a/D:\\\\splunk\\\\B / ui/.env",
"a/D:\\\\splunk\\\\B / ui/.env.example"
]
}
}{
"CCC": {
"modified_files": [
"a/D:\\\\splunk\\\\A / ui/.env",
"a/D:\\\\splunk\\\\A / ui/.env.example",
"a/D:\\\\splunk\\\\B / ui/.env",
"a/D:\\\\splunk\\\\B / ui/.env.example"
]
}
}{
"DDD": {
"modified_files": [
"a/D:\\\\splunk\\\\A / ui/.env",
"a/D:\\\\splunk\\\\A / ui/.env.example",
"a/D:\\\\splunk\\\\B / ui/.env",
"a/D:\\\\splunk\\\\B / ui/.env.example"
]
}
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gcusello
SplunkTrust
06-01-2022
11:58 PM
Hi @karthi2809,
did you explored the INDEXED_EXTRACTIONS=JSON option in props.conf?
You can find more infos at https://docs.splunk.com/Documentation/Splunk/8.2.6/Admin/Propsconf
in few words, in props.conf put
[your_sourcetype]
INDEXED_EXTRACTIONS = JSON Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthi2809
Builder
06-07-2022
12:58 AM
{
"AAA": {
"modified_files": [
"a/D:\\\\splunk\\\\A / ui/.env",
"a/D:\\\\splunk\\\\A / ui/.env.example",
"a/D:\\\\splunk\\\\B / ui/.env",
"a/D:\\\\splunk\\\\B / ui/.env.example"
]
}
}{
"BBB": {
"modified_files": [
"a/D:\\\\splunk\\\\A / ui/.env",
"a/D:\\\\splunk\\\\A / ui/.env.example",
"a/D:\\\\splunk\\\\B / ui/.env",
"a/D:\\\\splunk\\\\B / ui/.env.example"
]
}
}{
"CCC": {
"modified_files": [
"a/D:\\\\splunk\\\\A / ui/.env",
"a/D:\\\\splunk\\\\A / ui/.env.example",
"a/D:\\\\splunk\\\\B / ui/.env",
"a/D:\\\\splunk\\\\B / ui/.env.example"
]
}
}{
"DDD": {
"modified_files": [
"a/D:\\\\splunk\\\\A / ui/.env",
"a/D:\\\\splunk\\\\A / ui/.env.example",
"a/D:\\\\splunk\\\\B / ui/.env",
"a/D:\\\\splunk\\\\B / ui/.env.example"
]
}
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gcusello
SplunkTrust
06-07-2022
02:09 AM
Hi @karthi2809,
this isn't a JSON format, is this the full log or a part of it?
if it's a part of it, please share the full log,
Anyway, using an extraction with INDEXED_ENTRACTIONS = JSON, you have the following fields
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthi2809
Builder
06-07-2022
03:29 AM
Hi @gcusello ,
Below the result of the json log file.
{
"AAA": {
"modified_files": [
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/.git/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/.git/config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/.git/index",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/.git/logs/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/.git/logs/refs/heads/dev",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/.git/logs/refs/heads/master",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/.git/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/.git/idx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/.git/pack",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/.git/refs/heads/dev",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/.git/refs/heads/master",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/.git/refs/remotes/origin/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/Database/2021.10_sql",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/VisualStudio2005/WebService.sln",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/VisualStudio2005/WebSite.sln",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/Web/WebSite/lu.csproj",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/Web/WebSite/Web.DEV.config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/Web/WebSite/Web.config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/Web/WebSite/Web.config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/Web/WebSite/Web..config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/Web/WebSite/Web.PP.config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/Web/WebSite/Web.config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/Web/WebSite/Web.QA.config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_AAA/lu/Web/WebSite/Web.SIT.config"
]
}
}{
"BBB": {
"modified_files": [
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/.git/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/.git/config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/.git/index",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/.git/logs/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/.git/logs/refs/heads/feature/new-server-updates",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/.git/logs/refs/heads/integration",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/.git/logs/refs/remotes/origin/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/.git/objects/pack/pack-87d6b8ab05803d2bd514f956bb3ee97eb5db6d4d.idx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/.git/objects/pack/pack-87d6b8ab05803d2bd514f956bb3ee97eb5db6d4d.pack",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/.git/refs/heads/feature/new-server-updates",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/.git/refs/heads/integration",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/.git/refs/remotes/origin/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_BBB/ContinuousIntegration/BBB.Build/BBB.Build.psm1",
]
}
}{
"CCC": {
"modified_files": [
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/index",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/logs/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/logs/refs/heads/BLTSFix",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/logs/refs/heads/dev",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/logs/refs/remotes/origin/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/objects/pack/pack-.idx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/objects/pack/pack-1.pack",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/objects/pack/pack-f067c2bff747ce861.idx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/packed-refs",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/refs/heads/BLTSFix",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/refs/heads/dev",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.git/refs/remotes/origin/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/.vscode/launch.json",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/App/WebService/BltsService.csproj",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/App/WebService/Dare.cs",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/App/WebService/Web.$$OAT.config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/App/WebService/Web.config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/Database/2021.9_JIRA15219_ProductCodes/01_JIRA15219_ProductCodes_Backup.sql",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/Database/2021.9_JIRA15219_ProductCodes/02_JIRA15219_BLTS_ProductCodes.sql",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/Database/2021.9_JIRA15219_ProductCodes/JIRA15219_ProductCode_BackoutDBScript.sql",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/Web/WebSite/Blts.csproj",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_CCC/BLTS/Web/WebSite/Web.$$OAT.config"
]
}
}{
"DDD": {
"modified_files": [
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.git/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.git/config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.git/index",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.git/logs/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.git/logs/refs/heads/BBB-11392_BU_$$Replication",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.git/logs/refs/heads/dev",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.git/logs/refs/remotes/origin/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.git/objects/pack/pack-f46eea35cf14742a81d21f669f667e4df3bdc2a6.idx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.git/objects/pack/pack-f46eea35cf14742a81d21f669f667e4df3bdc2a6.pack",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.git/refs/heads/BBB-11392_BU_$$Replication",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.git/refs/heads/dev",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.git/refs/remotes/origin/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/.gitignore",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Apps/BOController/Controller.cpp",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Apps/CollateralEngine/ZAddDAO.cpp",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Apps/RISSearch/SearchRis.cpp",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Apps/SoapComm/SoapGenerator.cpp",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Apps/binaries/duplicateaccounts.xsl",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Apps/binaries/selectedentities.xsl",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Apps/ccmspersist/XMLHelper.cpp",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/BOExtract.dtsConfig",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS-SSIS.database",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS-SSIS.dtproj",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS-SSIS.sln",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.APRA.Extract.Tables.xml",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.APRA.Extract.dtsConfig",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.APRA.Extract.dtsx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.CHARM.Batch.DEV.dtsConfig",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.CHARM.Batch.NewDB.DEV.dtsConfig",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.CHARM.Extract.NewDB.dtsx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.CHARM.Extract.dtsx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.Data.Cleanse.DEV.dtsConfig",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.Data.Cleanse.dtsx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.MasterData.Migration.DEV.dtsConfig",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.MasterData.Migration.dtsx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.RSDS.Extract.Tables.xml",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.RSDS.Extract.dtsConfig",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.RSDS.Extract.dtsx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.RefData.Migration.DEV.dtsConfig",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS.RefData.Migration.dtsx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS_Cleanup.dtsx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS_CustomerRefresh.dtsx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS_Orion_AuditCertificate.dtsx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS_RIS_BOExtraction.dtsx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CCMS_RIS_FOExtraction.dtsx",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/CustRefresh.dtsConfig",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/FOExtract.dtsConfig",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Batch/CCMS-SSIS/Project.params",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/CI/script/nant/ccms_app_registry_nzoat.xml",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/CI/script/nant/ccms_web_registry_nzoat.xml",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Database/2021.11_JIRA15401_BulkUpdate/01_JIRA15401_BulkUpdate_DBScript_Backup.sql",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Database/2021.11_JIRA15401_BulkUpdate/02_JIRA15401_BulkUpdate_DBScript.sql",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Database/R2021.2/BackoutScripts/1.DROP_viw_CCMS_To_Elastic.sql",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Database/R2021.2/BackoutScripts/pra_Rpt_ReportableEvents_ES_Backout.sql",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Database/R2021.2/ChangeScripts/1.CREATE_viw_CCMS_To_Elastic.sql",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_DDD/CCMS/Database/R2021.2/ChangeScripts/pra_Rpt_ReportableEvents_ES.sql"
]
}
}{
"EEE": {
"modified_files": [
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###.git/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###.git/config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###.git/index",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###.git/logs/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/.git/logs/refs/heads/BBB-15109_add_pk_tblOrgUnitBU",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###.git/logs/refs/heads/dev",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###.git/logs/refs/remotes/origin/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###.",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###.",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/.git/refs/heads/BBB-15109_add_pk_tblOrgUnitBU",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###.git/refs/heads/dev",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###.git/refs/remotes/origin/HEAD",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###App/WebService/BUPS.Service.csproj",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###App/WebService/Web.$$OAT.config",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###Web/Common/DropDownListExtd/DropDownListExtd.csproj",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###Web/Common/LoggingManager/LoggingManager.csproj",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###Web/Common/MasterPages/Control/MasterPages",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###",
"a/D:\\\\splunk_code_replication\\\\Repos\\\\Fri_Jun_3_17-34-04_2022\\\\$$_EEE/BUPS/###"
]
}
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gcusello
SplunkTrust
06-07-2022
11:26 PM
Hi @karthi2809,
as I said, using the INDEXED_EXTRACTIONS = JSON in props.conf, you have the fields.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthi2809
Builder
06-06-2022
08:56 PM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gcusello
SplunkTrust
06-06-2022
11:22 PM
Hi @karthi2809,
and does it run?
if not, could you share a sample of your logs using the Insert/Edit Code Sample button (</>)?
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthi2809
Builder
06-14-2022
07:43 PM
@gcusello Shared logs above.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gcusello
SplunkTrust
06-14-2022
11:26 PM
Hi @karthi2809,
I already answered to your message: using the INDEXED_EXTRACTIONS=JSON you have five fields:
Isn't this the result you want?
What's the result you want?
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthi2809
Builder
06-05-2022
08:44 PM
No That is not worked.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yuanliu
SplunkTrust
06-05-2022
09:37 PM
Maybe you are looking for kv_mode=json? Configure automatic key-value field extraction
Get Updates on the Splunk Community!
Index This | Divide 100 by half. What do you get?
November 2024 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!
❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...
Splunk and Fraud
Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...
