- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
json parsing in SPL
I have a json which I need help with breaking into key value pair.
"lint-info": {
"-Wunused-but-set-variable": [
{
"location": {
"column": 58,
"filename": "ab1",
"line": 237
},
"source": "logic [MSGG_RX_CNT-1:0][MSGG_RX_CNT_MAXWIDTH+2:0] msgg_max_unrsrvd_temp; // temp value including carry out",
"warning": "variable 'msgg_max_unrsrvd_temp' is assigned but its value is never used"
},
{
"location": {
"column": 58,
"filename": "ab2",
"line": 254
},
"source": "logic msgg_avail_cnt_err; // Available Counter update error detected",
"warning": "variable 'msgg_avail_cnt_err' is assigned but its value is never used"
}
],
"-Wunused-genvar": [
{
"location": {
"column": 11,
"filename": "ab3",
"line": 328
},
"source": "genvar nn,oo;",
"warning": "unused genvar 'oo'"
}
],
"total": 3,
"types": [
"-Wunused-but-set-variable",
"-Wunused-genvar"
]
},
I need to get a table with Type, filename, line values like below
Type Filename Line
-Wunused-but-set-variable. ab1. 237
-Wunused-but-set-variable. ab2 254
-Wunused-genvar ab3 328
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not a big fan of (mis)using actual data as JSON key. If you have any influence over your developers, ask them to design a proper data structure.
To rescue data in its current state, Splunk will need to construct a proper structure. For this purpose, json_set that Splunk added in 8.0 comes handy. Like this: (Because you didn't enclose sample data, I just assume that lint-info is a top key in your raw data.)
| spath path=lint-info.-Wunused-but-set-variable{}
| spath path=lint-info.-Wunused-genvar{}
| mvexpand lint-info.-Wunused-but-set-variable{}
| mvexpand lint-info.-Wunused-genvar{}
| rename lint-info.*{} AS *
| foreach -Wunused-*
[eval -Wunused = mvappend('-Wunused', json_set('<<FIELD>>', "type", "<<FIELD>>"))]
| mvexpand -Wunused
| spath input=-Wunused
| fields - -Wunused-* _*
This is the result from your sample:
| -Wunused | location.column | location.filename | location.line | source | type | warning |
| {"location":{"column":58,"filename":"ab1","line":237},"source":"logic [MSGG_RX_CNT-1:0][MSGG_RX_CNT_MAXWIDTH+2:0] msgg_max_unrsrvd_temp; // temp value including carry out","warning":"variable 'msgg_max_unrsrvd_temp' is assigned but its value is never used","type":"-Wunused-but-set-variable"} | 58 | ab1 | 237 | logic [MSGG_RX_CNT-1:0][MSGG_RX_CNT_MAXWIDTH+2:0] msgg_max_unrsrvd_temp; // temp value including carry out | -Wunused-but-set-variable | variable 'msgg_max_unrsrvd_temp' is assigned but its value is never used |
| {"location":{"column":11,"filename":"ab3","line":328},"source":"genvar nn,oo;","warning":"unused genvar 'oo'","type":"-Wunused-genvar"} | 11 | ab3 | 328 | genvar nn,oo; | -Wunused-genvar | unused genvar 'oo' |
| {"location":{"column":58,"filename":"ab2","line":254},"source":"logic msgg_avail_cnt_err; // Available Counter update error detected","warning":"variable 'msgg_avail_cnt_err' is assigned but its value is never used","type":"-Wunused-but-set-variable"} | 58 | ab2 | 254 | logic msgg_avail_cnt_err; // Available Counter update error detected | -Wunused-but-set-variable | variable 'msgg_avail_cnt_err' is assigned but its value is never used |
| {"location":{"column":11,"filename":"ab3","line":328},"source":"genvar nn,oo;","warning":"unused genvar 'oo'","type":"-Wunused-genvar"} | 11 | ab3 | 328 | genvar nn,oo; | -Wunused-genvar | unused genvar 'oo' |
Here is data emulation that you can play with and compare with real data
| makeresults
| eval _raw = "{\"lint-info\": {
\"-Wunused-but-set-variable\": [
{
\"location\": {
\"column\": 58,
\"filename\": \"ab1\",
\"line\": 237
},
\"source\": \"logic [MSGG_RX_CNT-1:0][MSGG_RX_CNT_MAXWIDTH+2:0] msgg_max_unrsrvd_temp; // temp value including carry out\",
\"warning\": \"variable 'msgg_max_unrsrvd_temp' is assigned but its value is never used\"
},
{
\"location\": {
\"column\": 58,
\"filename\": \"ab2\",
\"line\": 254
},
\"source\": \"logic msgg_avail_cnt_err; // Available Counter update error detected\",
\"warning\": \"variable 'msgg_avail_cnt_err' is assigned but its value is never used\"
}
],
\"-Wunused-genvar\": [
{
\"location\": {
\"column\": 11,
\"filename\": \"ab3\",
\"line\": 328
},
\"source\": \"genvar nn,oo;\",
\"warning\": \"unused genvar 'oo'\"
}
],
\"total\": 3,
\"types\": [
\"-Wunused-but-set-variable\",
\"-Wunused-genvar\"
]
}}"
``` data emulation above ```
Hope this helps.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It works when I use below query,
....| spath path=lint-info.-Wunused-but-set-variable{} output=members
| stats count by members InstanceName
But I don't know the values of Type. If there are more than 1 type, query should automatically break into individual events.
