Hi,
I have an application that logs in JSON format using arrays. I want to run a stats function on the elements in the array but cannot figure out how.
Log file:
{ "timestamp": "2013-01-04 0...
When I try to do anything with the JSON fields extracted during data input, I get things like Invalid when I do typeof in an eval. I can see the extracted fields in the UI and the Timestamp is c...
Hoping someone can help me get past the last hurdle. I'm trying to create a custom function that dynamically calls other custom functions. I've got the part of generating the list o...
The substr function is not working for JSON logs for us in 6.5.2 for the Dev version, whereas the Prod version of Splunk seems to support the same.
I checked the builds as well, both h...
My query returns many events; each event is in the form of JSON, i.e. { "key1": "val1", "key2":"val2"}. I would like to convert all events to one event that contains all the original events using s...
Hi, I've got a problem with this playbook code block: the custom functions I try to execute seem to hang indefinitely. I also know the custom function works because I've successfully used it f...
I have some json data that was indexed with sourcetype=_json. There is one field in the json that is an array. I need to show a chart of the counts by the values in the array. The wrinkle is t...
Hi Team,
We are performing Splunk ES upgrade from 4.7.1 to 5.2.0.
Post upgrade, I have a few .xml and .json files that need to be mapped to ES5.2.0.
For ex: We have customized correlation_search_e...
Hi All, can someone please assist me in extracting the different Recipients out of this nested JSON? This is from O365 logs. I have followed https://community.splunk.com/t5/G...
I would like to create a new panel in my Dashboard and I am using the following search string:
index=$index$ eventId=xy source="zz-json.log" (X-TRACE-ID="PV3*") OR (X-TRACE-ID="IPL*")| dedup X-T...