Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

are we able to pick up everything between an open  [{ and  a close }]

Kisame27
Explorer
‎11-17-2021 11:56 PM

there is raw data :  [{}]

 parameters="[{"Name":"request","Type":"WithdrawalRequestedRequest","Value":{"BrandName":"Bumer","TransactionReference":"111403471","CustomerId":"00e9bc22-96ac-412f-90aa-a240dc03daf9","PaymentDetails":{"Created":"2021-11-18T06:56:54.377Z","Changed":"2021-11-18T06:56:54.393Z","Amount":25.0000,"Fee":0.2500,"CurrencyCode":"GEL","BaseAmount":7.0200,"BaseFee":0.0700,"BaseCurrencyCode":"EUR","PaymentMethodName":"BOG","PublicPaymentId":"t8185jta7fEBBOG","PaymentReference":"bf28bf9e-5caa-4faa-ba4f-c1422080f83e","ExternalData":null,"AdditionalParameters":null}}]" 

 

are we able to pick up everything between an open  [{ and  a close }]

the main Fields which I need mostly are: Amount , Base Amount  are you able to help me Please

Labels (1)
Labels
0 Karma
Reply

Kisame27
Explorer
‎11-18-2021 12:57 AM

thank you very much , have a good day

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-18-2021 12:32 AM 
| rex "\"\[\{(?<parameters>.*?)\}\]\""

Is this supposed to be JSON as the curly braces are mismatched?

Reply

scelikok
SplunkTrust
SplunkTrust
‎11-18-2021 12:26 AM

Hi @Kisame27 ,

The easiest way is removing [ and ] characters and using spath to extract all fields. Please try below;

| eval parameters=replace(replace(parameters,"\[",""),"\]","") 
| spath input=parameters
If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply
Get Updates on the Splunk Community!

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Community Content Calendar, October Edition

Welcome to the October edition of our Community Spotlight! The Splunk Community is a treasure trove of ...