Solved: Transpose lines to Column

felipesodre · ‎06-25-2020

{
  "DbMaintenanceDailyRoutineSummary": {
    "success": [
      {
        "server-002": [
          {
            "vacuum": true,
            "analyze": true,
            "warehouse": "mydatabase@aaaaaa"
          },
          {
            "vacuum": true,
            "analyze": true,
            "warehouse": "mydatabase@bbbbbb"
          }
        ]
      },
      {
        "server-003": [
          {
            "vacuum": true,
            "analyze": true,
            "warehouse": "mydatabase@ccccccc"
          },
          {
            "vacuum": true,
            "analyze": true,
            "warehouse": "mydatabase@ddddddd"
          }
        ]
      }
    ],
    "fail": [
      {
        "server-002": [
          {
            "vacuum": true,
            "analyze": false,
            "warehouse": "mydatabase@eeeeee"
          }
        ]
      },
      {
        "server-003": [
          {
            "vacuum": false,
            "analyze": true,
            "warehouse": "mydatabase@fffffff"
          },
          {
            "vacuum": true,
            "analyze": false,
            "warehouse": "mydatabase@gggggg"
          },
          {
            "vacuum": true,
            "analyze": false,
            "warehouse": "mydatabase@hhhhhh"
          }
        ]
      }
    ]
  }
}

I am wondering how can I convert this result in something like the following message to sent it as a alert by email.

DbMaintenanceDailyRoutineSummary

fail:

server002:

mydatabase@eeeeee: analyze: false, vacuum: true

server003:

mydatabase@fffffff - analyze: false, vacuum: true

mydatabase@ggggg - analyze: false, vacuum: true

success:

server002:

mydatabase@aaaaaa- analyze: true, vacuum: true

mydatabase@bbbbbb - analyze: true, vacuum: true

server003:

mydatabase@ccccccc - analyze: false, vacuum: true

mydatabase@dddddd - analyze: false, vacuum: true

felipesodre · ‎06-25-2020

Thanks for your help, appreciate it. But the solution presented is not I would like to have.

I just want to change that part from this:

"vacuum": true,
"analyze": false,
"warehouse": "mydatabase@hhhhhh"

to this:

"warehouse": "mydatabase@hhhhhh", "vacuum": true, "analyze": false

View solution in original post

felipesodre · ‎06-25-2020

Thanks for your help, appreciate it. But the solution presented is not I would like to have.

I just want to change that part from this:

"vacuum": true,
"analyze": false,
"warehouse": "mydatabase@hhhhhh"

to this:

"warehouse": "mydatabase@hhhhhh", "vacuum": true, "analyze": false

felipesodre · ‎06-27-2020

Thanks.

This is all I need. Issue fixed.

Appreciate it!

to4kawa · ‎06-27-2020

felipesodre · ‎06-29-2020

Yes it is. Thank you.

to4kawa · ‎06-29-2020

OK. My answer is not your solution.

to4kawa · ‎06-26-2020

to4kawa · ‎06-25-2020

Transpose lines to Column

field extraction

subsearch

table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation