I'm using Splunk to store data tuples that contain maps.
For example, such a map is: {"likes": ["strawberry", "vanilla"], "dislikes": ["chocolate"]}.
Is there a way to get Splunk to recognize this as a map? To identify the keys? To query for specific values?
Thanks!
That looks like JSON, no big deal to index and have its fields extracted - check out http://docs.splunk.com/Documentation/Splunk/latest/Data/Extractfieldsfromfileswithstructureddata
Martin, thanks.
Yes, it is JSON and I have managed to get Splunk to "handle" it.
However, when this map is extracted, it doesn't behave in the best of ways. I seem to get an "Interesting Field" for every instance of the "first" key in the map.
Is there a way to query the maps for certain keys or values?
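Added example, not part of the original posts: an SPL search over three constructed events shaped like the map in the question, assuming the JSON object is the whole of `_raw`. `spath` extracts each array as a multivalue field named `likes{}` or `dislikes{}`; the search then finds events where a given value (`vanilla`) appears under any key, reports which key held it, and flags whether a key is present at all. The names `sample_id`, `matched_in` and `has_dislikes` are made up for this illustration.

```spl
| makeresults count=3
| streamstats count AS sample_id
| eval _raw=case(
    sample_id=1, "{\"likes\": [\"strawberry\", \"vanilla\"], \"dislikes\": [\"chocolate\"]}",
    sample_id=2, "{\"likes\": [\"chocolate\"], \"dislikes\": [\"vanilla\", \"mint\"]}",
    sample_id=3, "{\"likes\": [\"mint\"]}")
| spath
| rename "likes{}" AS likes, "dislikes{}" AS dislikes
| eval matched_in=mvappend(
    if(isnotnull(mvfind(likes, "^vanilla$")), "likes", null()),
    if(isnotnull(mvfind(dislikes, "^vanilla$")), "dislikes", null()))
| eval has_dislikes=if(isnotnull(dislikes), "yes", "no")
| where isnotnull(matched_in)
| table sample_id likes dislikes matched_in has_dislikes
```

Against indexed data, replace the first three commands with the base search; a plain `"likes{}"="vanilla"` term in the search also works once the fields are extracted.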