Splunk Search

What is the best solution to table list of keys which can be eventually used for input dropdown in dashboard?

kirangurram
Explorer

Hello Folks ,

I have json data in below format. I am looking for a best solution to table list of Keys which can be eventually used for input dropdown in dashboard.

output of the table content needs to be like below. your help is much appreciated.

bzk.f1

bzk.f4

bzk.f8




{ [-]
   bzk: { [-]
     f1: ABC
     f4ABC
     f8: ABC

}

}

Labels (2)
Tags (1)
0 Karma

yuanliu
SplunkTrust
SplunkTrust

So, your data already contain fields named bzk.f1, bzk.f4, etc.  The following should give you a single-field table:

| foreach bzk.*
    [eval inputfield = mvappend(inputfield, "<<FIELD>>")]
| table inputfield

Alternatively, you can use spath together with the newer JSON functions

| spath input=data path=bzk
| eval inputfield = json_array_to_mv(json_keys(bzk))
| eval inputfield = mvmap(inputfield, "bzk." . inputfield)
| table inputfield

  

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
| spath
| fields - _time _raw
| transpose column_name=name
| fields name
0 Karma
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...