I have below log format using search query I want to extract json string starting from category field and want automatically make key value pair attributes. Here twist is I dont have access to change conf files.
2016-08-22 08:35:12,914 +00:00 [INFO] [XXXXXX] {"category":"XXXX","source":"XXXX","type":"ApplicationLaunch","referrer":"XXXXX","dateLogged":"2016-08-22 08:35:12,914 +00:00","args":{"topUrl":"XXXXXX"}}
Please help me if splunk provides such feature to extract json string using search query.
↧