GithubHelp home page GithubHelp logo

kintyre / jmespath Goto Github PK

View Code? Open in Web Editor NEW
5.0 5.0 1.0 207 KB

JMESPath app for Splunk

Home Page: https://splunkbase.splunk.com/app/3237/

Python 91.84% Shell 8.16%
splunk-application splunk jmespath json

jmespath's Introduction

jmespath

JMESPath for Splunk

Example usage

JMESPath (pronounced "james path") makes dealing with JSON data in Splunk easier by leveraging a standardized query language for JSON. This allows you to declaratively specify how to extract elements from a JSON document. In many ways, this is a better spath.

Splunk users can download and install the latest release from SplunkBase. Developers can access and contribute to this app on GitHub.

Syntax

jmespath "<jmespath-string>" [input=<field>] [output=<field>] [default=<string>]
jsonformat [indent=<int>] [order=undefined|preserve|sort] <field> [AS <field>]

Documentation

Full documentation regarding this app, how to use it, along with various tips and tricks about how to best extract and format your JSON events is available on the GitHub wiki page. See the official JMESPath for Splunk documentation. Many "run-anywhere" examples are provided throughout to help new users get a solid understanding of this tool.

Installation & Configuration

See the Install an add-on in Splunk's official documentation. There are no extra install steps. No configuration is required.

Sourcetypes

Sourcetype Purpose
command:jmespath Internal logs and stats related to custom Jmespath SPL command.
command:jsonformat Internal logs and stats related to custom Jmespath SPL command.

Troubleshooting

Find internal/script errors:

Enable debug logging

Add logging_level=DEBUG to your existing query to enable additional debug logs:

| jsonformat logging_level=DEBUG ...

Search internal logs

Search the above debug logs, or other messages from or about the Jmespath SPL search command:

index=_internal (source=*jmespath.log*) OR (sourcetype=splunkd jsonformat.py)

Review SPL search command logs group by request:

index=_internal sourcetype=command:jsonformat | transaction host Pid

License

Apache License 2

Development

If you would like to develop or build this TA from source, see the development documentation.

Reference

Support

Community support is available on best-effort basis. For information about commercial support, contact Kintyre. Issues are tracked via GitHub

History

See the full Change log

Credits

  • John Berwick: original author of this Splunk app
  • Lowell Alleman: current maintainer
  • James Saryerwinnie: author of JMESPath Python library
  • Mike Rybar: Logo

This addon was built from the Kintyre Splunk App builder (version 1.11.5) cookiecutter project.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.