Splunk newbie here.
I need to extract fields from our JSON logs, sample _raw output below:
2014-01-22 21:25:33,802 [xid=,fn=] INFO [pool-9-thread-1] tion.rts.RTSConsumer | Processing RTS JSON=RTSJsonEvent{value(m)='279732640,CardYellowHome,0104400000|279736050,CardYellowHome,0304000000|279738003,GoalHome,0404000000|279745927,GoalHome,0593900000', match id(t)='123456', type id(tp)='112', key(k)='CardYellowHome,No Player|CardYellowHome,No Player|GoalHome,No Player|GoalHome,No Player', parent id(p)='', id(i)='279746011', servertime='2014-01-23 02:25:33.619'}
I want the output in table format wherein it contains the values for match id, type id, key, parent id, id, and server time.
Thanks for the help.
... View more