I have a log that looks like this (with a lot more fields):
04FEB2016_18:05:49.440 10789:1 INFO Struct='SListmanTskSubTranV6' IO='O' EventId=17086 Event='LISTMAN_UPDATE_FOR_EXEC_RPT REPORT' Order=1094966 To='MULT' ...
I want to extract events like these from Splunk and want the output to be a VALID json object. So in this case, output should look like:
{"Struct":'SListmanTskSubTranV6', "IO":'O', "EventId":17086, "Event":'LISTMAN_UPDATE_FOR_EXEC_RPT REPORT', "Order":1094966, "To":'MULT'}
Is there a way to achieve this in Splunk? Our string field values can have spaces or characters like ', ", \, etc. in them.
See the link below for different options to export search results (including JSON format).
We have a Python service that is using the REST API to query Splunk. We want to get raw data from Splunk in JSON format even though our actual log is in key=value format.
Looks like the above documentation doesn't achieve that.
Why? Do you want to use Splunk as a log format converter!?
You can probably do that with a bunch of eval statements, but it won't be pretty.
We have an application that needs this information in JSON format. We don't have the luxury to change the logging application to log in JSON format.
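Added example, not posted by anyone in this thread: one way the Python service could convert a raw key=value event into valid JSON on the client side, leaving all escaping of ", ' and \ to json.dumps. The function names, the Note field in the sample line, and the rule that a literal ' or \ inside a quoted value is backslash-escaped are assumptions, since the thread does not say how the logger writes those characters.

```python
import json
import re

# One key=value pair. The value is either single-quoted (may contain spaces,
# double quotes and backslash-escaped characters) or a bare token.
# Assumption: a literal ' or \ inside a quoted value is backslash-escaped.
PAIR_RE = re.compile(r"""(\w+)=(?:'((?:[^'\\]|\\.)*)'|(\S+))""")
UNESCAPE_RE = re.compile(r"\\(.)")
INT_RE = re.compile(r"-?\d+")

# Constructed sample: the event from the question plus a hypothetical Note
# field that contains ", an escaped ' and an escaped backslash.
SAMPLE = (
    r"04FEB2016_18:05:49.440 10789:1 INFO Struct='SListmanTskSubTranV6' IO='O' "
    r"EventId=17086 Event='LISTMAN_UPDATE_FOR_EXEC_RPT REPORT' Order=1094966 "
    r"""To='MULT' Note='say "hi" to O\'Neil at C:\\tmp'"""
)


def kv_to_dict(raw):
    """Parse the key=value pairs of one raw event into an ordered dict."""
    fields = {}
    for match in PAIR_RE.finditer(raw):
        key, quoted, bare = match.groups()
        if quoted is not None:
            # Quoted values stay strings, even if they look numeric.
            fields[key] = UNESCAPE_RE.sub(r"\1", quoted)
        elif INT_RE.fullmatch(bare):
            # Bare integers become JSON numbers, as in the desired output.
            fields[key] = int(bare)
        else:
            fields[key] = bare
    return fields


def kv_to_json(raw):
    """Return the event as a JSON object string with correct escaping."""
    return json.dumps(kv_to_dict(raw))


if __name__ == "__main__":
    print(kv_to_json(SAMPLE))
```

The timestamp, process id and log level at the start of the line carry no key, so the pattern skips them; they would need their own positional parsing if the consumer wants them in the object.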