Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

JSON output values wrapped in double quotes, even number/integer values

kylemain
New Member
‎06-24-2019 08:17 AM

I have a field called "windows_event_id" which contains integer values that I am adding to a table.
I am certain that the data type is number because I have enforced it using | convert num(windows_event_id),
and the values are right-aligned in the resulting table column (nifty that Splunk does this).

I also added an "if" condition in an eval statement which checks if the values are a number format - and they all are, as expected. However, when I export the resulting table in JSON format the values for windows_event_id are wrapped in double quotes.
It seems when exporting in JSON format that ALL fields, regardless of data type, in the table are wrapped in double quotes and therefore treated as strings.
Some sample output from the export:

... "windows_event_id":"4688" ...

I would like for the export to treat this field as a number, rather than a string in the output.

Is this something that must be changed in a .conf file on the administration side, or can this be fixed within the search itself?
This is specifically the type of output that I want:

... "windows_event_id":4688 ...

Thank you.

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...