Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Print string arrays in json in tabular format

ayushk23
Loves-to-Learn
‎03-01-2021 04:54 AM

I need to print a string array along with one field in my json object. 

The data:

 

{ "key1":"val1",  "key2":"value2",  "codes":["apple","mango","banana","orange"], "key3_conditional":"yes"}

 

 

My Search query:

 

<My search query>
| rex "\|(?<payload>[^\|]*)$"
| spath input=payload
| rex "\"codes\":\"(?<codes>[^\"]*)"
| eval is_unknown=if(isnotnull(key3_conditional), key3_conditional, "no")
| table codes, is_unknown

 

 

This only displays the 1st value in codes and I need all values of codes as comma separated.

 

 

Labels (2)
Labels
Tags (2)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-01-2021 06:04 AM 
| makeresults | eval _raw="{ \"key1\":\"val1\",  \"key2\":\"value2\",  \"codes\":[\"apple\",\"mango\",\"banana\",\"orange\"], \"key3_conditional\":\"yes\"}"
| spath path=codes{} output=codes
| spath path=key3_conditional
| table codes key3_conditional
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...