I am trying to extract various fields from below entry in splunk.
I executed the below splunk query :
index=test_index source="testlogs.log" "InteractionId=test_interaction_id1" | search("||url") | table service,operation,status,status_code,exception,duration,url,request, response
The below is splunk log entry:
2019-02-28 22:21:34.248 [UUID=d791aecb-c320-453a-9207-bf96e01beaaf|InteractionId=test_interaction_id1] INFO com.test.MyLogger - service="TestService"||operation="testOperation"||url="http://localhost:8080/testservice/v4/testOperation"||request="{\"customer\":{\"id\":\"80\",\"name\":...".
request and response fields which are XML or JSON are not displayed properly in the table.
JSON is dispalyed as {\
I would like to have the complete JSON and XML in the table.
Thanks in Advance!
@amith7 What does the raw event look like? Your code post isn't clear. To be clear, please edit your question, highlighting the event and then using the code tool button. That's the button that looks like the 101010
.
Without more information, the JSON doesn't look standard. I would use the rex (short for regular expression) command to slice out exactly what you want into a new field.
Here's the documentation for the rex command: https://docs.splunk.com/Documentation/Splunk/7.2.4/SearchReference/Rex
What do you mean by "request and response fields which are XML or JSON are not displayed properly in the table"? They will not be pretty-printed, if that's what you mean.
I am trying to extract various fields from below entry in splunk.
I executed the below splunk query :
index=test_index source="testlogs.log" "InteractionId=test_interaction_id1" | search("||url") | table service,operation,status,status_code,exception,duration,url,request, response
The below is splunk log entry:
2019-02-28 22:21:34.248 [UUID=d791aecb-c320-453a-9207-bf96e01beaaf|InteractionId=test_interaction_id1] INFO com.test.MyLogger - service="TestService"||operation="testOperation"||url="http://localhost:8080/testservice/v4/testOperation"||request="{\"customer\":{\"id\":\"80\",\"name\":..."
request and response fields which are XML or JSON are not displayed properly in the table.
JSON is dispalyed as {\
I would like to have the complete JSON and XML in the table.
You've just re-posted the original question twice without fixing the error, improving the formatting, or adding clarifying information. Help us help you!
Can you repost using the code tool 101010
?
It looks like some of your content has been stripped from the question (probably because it looked like XML/HTML)
I am trying to extract various fields from below entry in splunk.
I executed the below splunk query :
index=test_index source="testlogs.log" "InteractionId=test_interaction_id1" | search("||url") | table service,operation,status,status_code,exception,duration,url,request, response
The below is splunk log entry:
2019-02-28 22:21:34.248 [UUID=d791aecb-c320-453a-9207-bf96e01beaaf|InteractionId=test_interaction_id1] INFO com.test.MyLogger - service="TestService"||operation="testOperation"||url="http://localhost:8080/testservice/v4/testOperation"||request="{\"customer\":{\"id\":\"80\",\"name\":..."
request and response fields which are XML or JSON are not displayed properly in the table.
JSON is dispalyed as {\
I would like to have the complete JSON and XML in the table.