Thanks @burwell for responding. But I want complete json in a field and handle that json in splunk itself.
Sample JSON array is-
[
{
"set":3,
"ids":[
9
],
"status":12,
"code":570,
"idDetails":[
{
"id":9,
"status":12,
"code":570
}
]
},
{
"set":1,
"ids":[
5,
8
],
"status":21,
"code":601,
"idDetails":[
{
"id":5,
"status":21,
"code":601
},
{
"id":8,
"status":21,
"code":601
}
]
}
]
With this kind of nested JSON and with multiple keys having the same name, its not possible to extract all the fields in SQL itself.
... View more