Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Log Metrics and use on dashboard

nehasha3
New Member
‎04-26-2024 02:22 AM

I have a case where the we have some associated metric for each request/response event , something like below:

{
"Key1" : "val",
"Array12" : [
"val1",
"val2"
],
"NewList" : [
{
"K1":"v11",
"K2":"v12",
"K3":"v13"
},
{
"K1":"v21",
"K2":"v22",
"K3":"v23"
}
]
}


Now this list , NewList is too big and having key-val pairs is making the log very bulky.

Is there any way to make it consize and they be able to read this in a dashboard as below

K1 , K2 , K3
V11,V12,V13
V21,V22,V23

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-26-2024 02:59 AM

Do you mean something like this?

| spath NewList{} output=NewList
| table NewList
| mvexpand NewList
| spath input=NewList
| fields - NewList
0 Karma
Reply
Get Updates on the Splunk Community!

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...
Top