×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
rajesh143rs
Engager
Member since: ‎03-28-2024
‎03-28-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-28-2024
View All

Re: Query to return events when all the objects of...

by in Splunk Search
‎03-28-2024 08:18 PM
‎03-28-2024 08:18 PM
@yuanliu There was a misunderstanding from my end about the query. Your suggested query works great. Thanks again 👍 ... View more

Re: Query to return events when all the objects of...

by in Splunk Search
‎03-28-2024 08:14 PM
‎03-28-2024 08:14 PM
Hi @yuanliu , Thanks a lot, your query works 🙏 ... View more

Re: Query to return events when all the objects of...

by in Splunk Search
‎03-28-2024 05:58 PM
‎03-28-2024 05:58 PM
Hi @yuanliu , Thanks for the response the first query, as you have mentioned it 'Select events in which list{}.name has one unique value "Hello" ' is there a way select events in which all the objects should contain name == "Hello" instead of just one unique value? To clarify about your query - 'given that list is an array, selecting only the first element for matching may not be what the use case demands' I understand that it sounds weird 🙂, but our use case is about selecting events where the first object in an array/list should have    type == "code"     ... View more

Query to return events when all the objects of an ...

by in Splunk Search
‎03-28-2024 10:03 AM
‎03-28-2024 10:03 AM
  I need help with a splunk query to return events where an array of object contains certain value for a key in all the objects of an array Event 1: { list: [ {"name": "Hello", "type": "code"}, {"name": "Hello", "type": "document"} ] } Event 2: { list: [ {"name": "Hello", "type": "code"}, {"name": "World", "type": "document"} ] } Event 3: { list: [ {"name": "Hello", "type": "document"}, {"name": "Hello", "type": "document"} ] } filters: In the list array, the first object in an array should have "type": "code" In all the items in the list array should have "name": "Hello" Expected output: In the above list of events the query should return 'Event 1', where first item - list[0].type = code and list has all the items with "name": "Hello" I tried multiple ways like search list{}.name="Hello" This was returning the events which had atleast 1 element having name: Hello However i was able to achieve checking for 1st filter as below | eval conflict = mvindex(list, 0) | spath input=conflict | search type=code If someone can help in achieving both the filters in a query that will be helpful. Thanks in advance   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-28-2024 09:50 PM