I am receiving JSON into Splunk in the following format. I'm trying to figure out how I can do searches to plot average values for this nested data. I need to be able to plot a line for each node over time, but I also need to be able to plot the average value for all nodes within a gateway over time. I don't know if I should be splitting up this data into multiple events as it comes into Splunk, or whether my search should normalise all nodes to a common name as the id is in the data, and then try to split it up, or what other options I haven't thought of yet.
The list of nodes is a dynamic list, so I can't hardcode these node ids.
gateway: "gateway1",
nodes: {
    1002: {
        id: 1002
    }
    11: {
        id: 11
        value: 100
    },
    14: {
        id: 11
        value: 120
    }
}
Help is really appreciated.