Query json data using Splunk Query json data using Splunk json json

Query json data using Splunk


sql-server json excel ssis splunk

Here you go :)

You can ignore the first part, that's just me hard-coding in your data into the search

| makeresults| eval json = "{\"columns\": [{  \"name\": \"database_name\",  \"values\": [    \"sales\",    \"salesr\",    \"sal\"  ],  \"encd\": 0,  \"type\": 0},{  \"name\": \"machine_name\",  \"values\": [    \"ISRVMN823\",    \"ISRVMN825\",    \"ISRVMN822\"  ],  \"encd\": 0,  \"type\": 0},{  \"name\": \"program_name\",  \"values\": [    \"SQLAgent - TSQL JobStep (Job 0x8701D9C6BFB3A146B9E6AB0602F5B4C3 : Step 1)\",    \"SQLAgent - TSQL JobStep (Job 0xE3521B34CED03441B971A36E8EF5210B : Step 1)\",    \"SQLAgent - TSQL JobStep (Job 0x4BBA5C65C5AF78469A7FE9B765BE430E : Step 1)\"  ],  \"encd\": 0,  \"type\": 0}],\"submission_time\": 1483617753706,\"ds_id\": \"ISRVMN889\",\"identity_broker\": \"00_yr\",\"connection_name\": \"ISRVMN822SQL2012NY\",\"table_name\": \"pass_unique_stat_5m\",\"version\": \"1.0.0\",\"duration\": 300,\"sample_time\": 1483617300000}"| spath input=json path=columns{} | rename columns{} as cols | table cols| mvexpand cols| spath input=cols | rename values{} as values | table name values| transpose header_field=name | fields - column

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last