0

I have one "Bal_123.csv" file and when I am searching its data on splunk web by providing query " sourcetype="Bal_123.csv" " I am getting latest indexed raw data in comma separated format. But for further operation I need that data in .Json format

Is there any way we can get that data in .Json format itself. I know I can export the data in Json format but I am using Rest call to get data from splunk and I need that Json data on splunk itself.

can anyone help me regarding this?

Anshu
  • 69
  • 2
  • 18
  • Can you post the code where exactly you need the json format ? – karthickj25 Jan 22 '19 at 13:19
  • Hi, I am taking the response of rest query from splunk inside JsonObject but since the response I am getting is not of Json type and hence JsonObject is not getting populated – Anshu Jan 22 '19 at 15:13

1 Answers1

0

Splunk will parse JSON, but will not display data in JSON format except, as you've already noted, in an export.

You may be able to play with the format command to get something close to JSON. A better option might be to wrap your REST call in some Python that converts the results into JSON.

RichG
  • 9,063
  • 2
  • 18
  • 29
  • I have used format option but only fewdata i.e. the extra parameter I am providing in query is coming in JSON format rest all are still in CSV format. I think I have only option here is to go with Python although it will be time consuming. Thanks Rich – Anshu Jan 29 '19 at 09:23