Hi all, I'm new to using Splunk and I have an issue with a piece of software that writes logs in a non-standard way (as far as my fresh knowledge of Splunk goes):
{
  "name":"clientLogger",
  "level":30,
  "levelName":"info",
  "msg":"[audio] iceServers",
  "time":"2018-08-27T19:32:57.389Z",
  "src":"xxxxxx",
  "v":1,
  "extraInfo":{
    "sessionToken":"e7boenucj1pwkbfc",
    "meetingId":"183f0bf3a0982a127bdb8161e0c44eb696b3e75c-1535398242909",
    "requesterUserId":"w_klfavdlkumj8",
    "fullname":"Ios",
    "confname":"Demo Meeting",
    "externUserID":"w_klfavdlkumj8"
  },
  "url":"xxxx",
  "userAgent":"Mozilla/5.0",
  "count":1
}
and in Splunk the logs are:
The only info I need is:
- time
- fullname
- confname
But regex doesn't work and I don't know how to set only the proper fields!
Some help or a how-to guide would be helpful!
Thanks in advance!
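One way to have Splunk treat events like the one above as JSON instead of matching them with a regex, as an added example that is not part of the original post: a `props.conf` stanza. The sourcetype name `clientlogger_json` is an assumption, and the line breaker assumes every event starts with the `"name"` key as in the sample.

```ini
# props.conf (added example; sourcetype name "clientlogger_json" is an assumption)
[clientlogger_json]

# Break events only where a new top-level object begins, so an event that is
# pretty-printed over several lines stays in one piece.
# Assumption: every event starts with the "name" key, as in the sample.
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)\{\s*"name"

# Take the event timestamp from the "time" key: 2018-08-27T19:32:57.389Z
TIME_PREFIX = "time":"
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3NZ
MAX_TIMESTAMP_LOOKAHEAD = 30
# The trailing Z is matched as a literal, so state the zone explicitly.
TZ = UTC

# Search-time JSON field extraction; nested keys get dotted field names.
KV_MODE = json
```

With JSON extraction on, the nested values appear as the fields `extraInfo.fullname` and `extraInfo.confname`, so a search can end in `| table time extraInfo.fullname extraInfo.confname` to show only the three values asked for.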