Hi!
I have a JSON that looks like this (the repeting elements have been removed):
{
"data":{
"viewer":{
"homes":[
{
"currentSubscription":{
"status":"running",
"priceInfo":{
"range":{
"nodes":[
{
"total":0.5375,
"energy":0.43,
"tax":0.1075,
"startsAt":"2018-02-28T09:00:00+01:00",
"currency":"NOK"
},
{
"total":0.5371,
"energy":0.4297,
"tax":0.1074,
"startsAt":"2018-02-28T10:00:00+01:00",
"currency":"NOK"
},
{
"total":0.526,
"energy":0.4208,
"tax":0.1052,
"startsAt":"2018-02-28T11:00:00+01:00",
"currency":"NOK"
}
]
}
}
}
}
]
}
}
}
I'm really having problems getting this JSON parsed when the data comes into SPLUNK via REST.
I'm pulling the data once every day, so I want the "startsAt" to be the time for which I want to be the _time field. I want to have this done as a sourcetype.
In general, the data I want out of this JSON is like this:
_time total energy tax currency
event 2018-02-28T09:00:00+01:00 0.5375 0.43 0.1075 NOK
event 2018-02-28T10:00:00+01:00 0.5371 0.4297 0.1074 NOK
event 2018-02-28T11:00:00+01:00 0.526 0.4208 0.1052 NOK
... View more