Hi all,
Very close with the offerings in other JSON/SPATH posts but just not getting it done.
We have a JSON-formatted log coming into Splunk that gives a ton of data on our servers, one item being a 'metal' field that we classify our systems by. We'd like to parse that values.metal field and build a stats table (?) that shows how many systems are in each metal.
The current search (which isn't working well) is 'index=unix source="/var/log/facts/*" metal | stats distinct_count(host) by values.metal'
Here's some of the JSON file:
{
  "name": "toritsgitvlp01.xx.com",
  "values": {
    "aio_agent_build": "1.7.2",
    "aio_agent_version": "1.7.2",
    "architecture": "x86_64",
    "augeas": {
      "version": "1.4.0"
    },
    ......
    },
    "memoryfree": "6.76 GiB",
    "memoryfree_mb": 6918.28125,
    "memorysize": "7.63 GiB",
    "memorysize_mb": 7815.03125,
    "metal": [
      "dirt"
    ],
    .......
Any help MUCH appreciated.
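
One way to build the per-metal count, as an added example that is not part of the original post. It assumes each event is valid JSON, that values.metal is always an array as in the excerpt above, and that Splunk's host field identifies each system (the output names metal and systems are chosen here for illustration):

```spl
index=unix source="/var/log/facts/*"
| spath path=values.metal{} output=metal
| mvexpand metal
| stats dc(host) AS systems BY metal
| sort - systems
```

By default spath only examines the first 5000 characters of an event (extraction_cutoff in limits.conf), so a field that sits deep in a large facts file may come back empty until that limit is raised.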