Re: Exporting in JSON

chipmunk · ‎08-31-2010

outputcsv exports data in csv format. Can I output it to .json format ?

doksu · ‎04-06-2017

I just wrote an app that can create JSON in-line: https://splunkbase.splunk.com/app/3540/

With this you could convert _raw (and any other fields not from _raw) to JSON, then export a "csv" with one field containing the JSON.

... | mkjson outputfield=json | table json | outputcsv mycsv

Be sure to read the Usage guide (https://github.com/doksu/TA-jsontools/wiki#usage-1) which has a range of examples.

manish_singh_77 · ‎11-19-2019

@doksu

I have a query where we are trying to output the results into csv but now we would like to have that in json format.

Can we do that through this app?

doksu · ‎01-09-2020

I'm not sure I understand the question. Splunk cannot write to a json file, however you can produce JSON using the mkjson command as seen above then pipe that to another command like outputcsv to dump that to disk (JSON inside a CSV).

Stephen_Sorkin · ‎08-31-2010

There is no analogous search command to write a JSON formatted file from within a search itself. You can run a search using the REST API (http://www.splunk.com/base/Documentation/latest/Developer/RESTIntro) and fetch the results in JSON format using the argument output_mode=json from the events, results or results_preview resources.

Exporting in JSON

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...