Right now I have a json file that's formatted like:
{
"Log Files":[
{"Date":"2014-07-18 21:22:51", "Available Bytes(kb)":3960078, ...},
{"Date":"2014-07-18 21:24:01", "Available Bytes(kb)":4001231, ...},
{"Date":"2014-07-18 21:25:14", "Available Bytes(kb)":3872959, ...}]}
Right now it's showing up in Splunk as:
timestamp                Date                 Available Bytes(kb)
2014-07-18 21:22:51:000  2014-07-18 21:22:51  3960078
                         2014-07-18 21:24:01  4001231
                         2014-07-18 21:25:14  3872959
How can I split these up into individual events when I load the data? I can get the timestamp to correctly match the Date field, but it will still only give one date for the whole file, even though there are several lines that are each individual logs.
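One way to get one event per record is to flatten the wrapped array into one JSON object per line before the file is indexed. This is an added example, not part of the original post. It assumes the file can be preprocessed before ingestion; the `split_events` name and the sample data are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample in the same shape as the file in the question
# (the fields elided there with "..." are simply left out here).
SAMPLE = """{
"Log Files":[
{"Date":"2014-07-18 21:22:51", "Available Bytes(kb)":3960078},
{"Date":"2014-07-18 21:24:01", "Available Bytes(kb)":4001231},
{"Date":"2014-07-18 21:25:14", "Available Bytes(kb)":3872959}]}"""

DATE_FORMAT = "%Y-%m-%d %H:%M:%S"


def split_events(text, array_key="Log Files", date_key="Date"):
    """Return (lines, rejected): one compact JSON line per record,
    plus the records that cannot stand alone as timestamped events."""
    doc = json.loads(text)
    records = doc.get(array_key) if isinstance(doc, dict) else None
    if not isinstance(records, list):
        raise ValueError(f"expected a top-level {array_key!r} array")
    lines, rejected = [], []
    for index, record in enumerate(records):
        try:
            # Every event must carry its own parseable timestamp.
            datetime.strptime(record[date_key], DATE_FORMAT)
        except (KeyError, TypeError, ValueError):
            rejected.append((index, record))
            continue
        # Put the date first so the timestamp is at the start of each line.
        ordered = {date_key: record[date_key]}
        ordered.update((k, v) for k, v in record.items() if k != date_key)
        lines.append(json.dumps(ordered, separators=(",", ":")))
    return lines, rejected


if __name__ == "__main__":
    events, bad = split_events(SAMPLE)
    print("\n".join(events))
    for index, record in bad:
        print(f"skipped record {index}: {record!r}")
```

Records without a parseable `Date` are returned separately rather than written out, so a malformed entry does not silently inherit a neighbouring event's timestamp.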