Kasis Shrestha
Reputation: 77
Array in the Splunk Search
Object{1}
->a{4}
col1: "1"
col2: "2"
col3: "3"
col3: "4"
->b[2]
0{2}
col5: "55"
col6: "66"
1{2}
col5: "5555"
col6: "6666"
I want to query in the Splunk such that I can obtain the above result I was able to get the a-> col1,col2,col3,col4 to be displayed in table .
But wanted to check how I do it for the array :
Upvotes: 0
Views: 1206
Answers (1)
Chandika
Reputation: 123
Splunk doesn't have arrays, but there are multivalues fields in Splunk. Here I think you can use spath.
| makeresults
|eval data ="{\"a\":{\"col1\":\"1\",\"col2\":\"2\",\"col3\":\"3\",\"col4\":\"4\"},\"b\":{\"0\":{\"col5\":\"55\",\"col6\":\"66\"},\"1\":{\"col5\":\"5555\",\"col6\":\"6666\"}}}"
| spath input=data
| table a.*
Upvotes: 0
Related Questions
- Targeting Outlook.com with CSS / conditionals in 2022?
- Outlook 365 Windows Not Respecting Darkmode Media Query - Email Template
- Override outlook dark mode in html emails
- Outlook in darkmode messes with the css
- Targeting Windows Outlook Desktop Client
- outlook.com how to target css at a specific class
- How to target Outlook.com specifically
- Email templates for Outlook
- HTML Email for Outlook 2011
- Can I detect outlook client and change styles of my html email?