Can you explain how you are calling this? How are the events in Splunk itself? Can you give the output of the logger for the results? I can see the input but how Splunk presents them to your command is important for the parsing.
logger.info(json_events)
Also, linting this JSON input gives me an error.
Error: Parse error on line 26:
... "Name": "pri" }, ], }
----------------------^
Expecting 'STRING', 'NUMBER', 'NULL', 'TRUE', 'FALSE', '{', '[', got ']'
There shouldn't be ending commas. For example, this json is valid -
{
"Type": "defect",
"Fields": [{
"values": [],
"Name": "ut2"
}, {
"values": [{
"value": "SF"
}],
"Name": "ut3"
}, {
"values": [{
"value": "2"
}],
"Name": "vs"
}, {
"values": [{
"value": "N"
}],
"Name": "attached"
}, {
"values": [{
"value": "vh"
}],
"Name": "pri"
}]
}
... View more