Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to convert JSON property of event to string?

Mayukh
Engager
‎06-10-2022 10:41 AM

Hello,

I have a HEC with events like the following:

 

{
    "Log": {
        "Status": "Ordered",
        "Platform": {
            "A": {
                "Tracking": {"Field1": "Value1", "Field2": "Value2"}
            }
        }
    }
}

 

When I run the query

 

index="my_index" AND Log.Status="Ordered" 
| table Log.Status Log.Platform.A.Tracking

 

  • I get all the data for Status.
  • However my requirement is to have the JSON object Log.Platform.A.Tracking in a string format - the JSON as a String?

How can I achieve this?

Labels (2)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-10-2022 11:15 AM 
| spath path=Log.Status output=Status
| spath path=Log.Platform.A.Tracking output=Tracking
| table Status Tracking

View solution in original post

Reply
Solved! Jump to solution

Mayukh
Engager
‎06-10-2022 11:25 AM

Thank you so much!

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-10-2022 11:15 AM 
| spath path=Log.Status output=Status
| spath path=Log.Platform.A.Tracking output=Tracking
| table Status Tracking
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...