Thanks so much for the detailed answer! Unfortunately, the systems I'm supporting are running PowerShell 2.0 and are unable to upgrade to PowerShell 3.0. That means I won't be able to use the ConvertFrom-Json cmdlet. I get the error "The term 'ConvertFrom-Json' is not recognized as the name of a cmdlet, function, script file, or operable program." I know you mentioned it was possible to parse the JSON file in Splunk. Would I still need the PowerShell add-on? Also, would you be able to show me an example of how it can be done in Splunk?