Hi,
I would like to assign fields to a delimited text file which does not contain a header.
Lets say an event or row of data looks like the following for a given source:
2343242| 234234cvf32:2345:5656556:-2000|abc-1|DOP|selected|list|{"anid":0,"vid":0,"name":"aname"}|04-03-2013|xyz
As you can see one of the values in the pipe delimited row is JSON, I would like to be able to refer to this data as a specific field and parse it as JSON.
What would be the best approach for this in Splunk?
Regards
D
... View more