I have a sample data something like below.
{
"Year": {
"Top30RequesterInOneYear": {
"Bob": 22,
"Marry": 12
},
"TotalRequestCountInOneYear": {
"9": "K",
"10": "C"
},
"Top10ActionInOneYear": {
"31": "update table",
"33": "Display log"
}
},
"Month": {
"Top30RequsterInOneMonth": {
"Foo": 3,
"Bob": 6
},
"TotalRequestCountInOneMonth": {
"1": "K",
"5": "C"
},
"Top10ActionInOneMonth": {
"10": "Display log",
"11": "update table"
}
},
"Week": {
"Top30RequesterInOneWeek": {
"Bob": 6
},
"TotalRequestCountInOneWeek": {
"15": "C"
},
"Top10ActionInOneWeek": {
"3": "update table",
"7": "display reboot"
}
}
}
The output is expected is as below. Can someone please help me on this.
Top30RequesterInOneYear
Name | Count
Bob 22
Marry 12
TotalRequestCountInOneYear
Count | Status
9 K
10 C
Top10ActionInOneYear
Count | Action
31 update table
33 Display log
Top30RequsterInOneMonth
Name | Count
Foo 3
Bob 6
TotalRequestCountInOneMonth
Count | Status
1 K
6 C
Top10ActionInOneMonth
Count | Action
10 display log
11 update table
Top30RequesterInOneWeek
Name | Count
Bob 6
TotalRequestCountInOneWeek
Count | Status
15 C
Top10ActionInOneWeek
Count | Action
3 update table
7 display reboot
Can i please get some help ?
Can i please get some expert help on this ?
It looks like you just want to reformat the JSON output - I am not sure Splunk is the right tool for this. Have you considered using a scripting or text processing language, e.g. perl, awk, python, etc.?
I have a python script which talks to database and get the data in json format. Now I need to create a dashboard in splunk out of the data after retrieving in tabular format.
Your script is doing you a disservice. For example, "Bob": 30, should possibly be "Name": "Bob", "count": 30
This would make the handling of the data easier in Splunk.
Also, have you considered extracting the data in Splunk using DBConnect, and building your dashboard directly from the data rather than trying to manipulate a report that your script has generated?
No, I am not using DB connect as that is a sort of limitation in my project.
As i am new to splunk, looking for some help in visualizing data in tabular format.
What is your question? We need a lot more information before we can help.
What help do you need? What is the dashboard expected to do? Is the data already onboarded with fields extracted? What have you tried so far and what have been the results?
Data is not onboarded with field extracted.