I'm trying to escape JSON data at index time because I can't do it from within the application that is generating the log. Although the log syntax is JSON, some of the data comes with unescaped backslashes. I'm very new to Splunk so I'm kind of floundering here. Is there a way to transform the data at index time to escape the backslashes? Here is a sample (notice the 4th field - UserName):
{
"Timestamp": "2014-05-10 10:11:38.768",
"TimeZone": "EDT",
"Machine": "xyz",
"UserName": "someDomain\someUser",
"CorrelatorID": "DistributedWorkController",
"TimerDepth": "0",
"Message": "Executing the GetNextAvailableWorkItem method.",
"ApplicationName": "DistributedWorkController",
"Context": "GetNextAvailableWorkItem",
"TimerMilliseconds": "650",
"TimerType": "Method",
}
Thanks!
... View more