Splunk parses pure JSON logs almost like magic. The format works really well for Splunk to automatically extract fields you would need in your searches. However, an issue arises when a JSON log separates the key and the value into two different key/value pairs where “key” and “value” become the fields. For example, a [...]
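As an added illustration (not code from the Hurricane Labs post, whose Splunk search-time technique is cut off above), the constructed Python below shows the problematic event shape and one way to promote the separated pairs into ordinary fields before the log reaches Splunk; the field names `tags`, `key` and `value` and the sample values are assumptions.

```python
import json
from typing import Any

# Constructed sample event: the fields a search would want ("user", "action",
# "dst_port") are buried in an array of {"key": ..., "value": ...} pairs, so
# automatic JSON extraction only yields the multivalue fields "tags{}.key" and
# "tags{}.value" rather than "user" or "action".
SAMPLE_EVENT = json.dumps({
    "ts": "2024-03-01T12:00:00Z",
    "host": "web-01",
    "tags": [
        {"key": "user", "value": "alice"},
        {"key": "action", "value": "login"},
        {"key": "dst_port", "value": "443"},
        {"key": "user", "value": "alice-admin"},  # repeated key: keep both values
    ],
})


def flatten_kv_pairs(raw: str, list_field: str = "tags",
                     key_name: str = "key", value_name: str = "value") -> dict[str, Any]:
    """Promote {"key": k, "value": v} pairs to top-level fields of the event.

    Existing top-level fields are kept. A key that appears more than once becomes
    a list (the equivalent of a Splunk multivalue field) so no value is dropped.
    """
    event = json.loads(raw)
    pairs = event.pop(list_field, None)
    if not isinstance(pairs, list):
        return event  # nothing to flatten; pass the event through unchanged
    fields: dict[str, Any] = dict(event)
    for pair in pairs:
        if not isinstance(pair, dict) or key_name not in pair:
            continue  # malformed pair: skip it rather than fail the whole event
        k, v = str(pair[key_name]), pair.get(value_name)
        if k not in fields:
            fields[k] = v
        elif isinstance(fields[k], list):
            fields[k].append(v)
        else:
            fields[k] = [fields[k], v]
    return fields


if __name__ == "__main__":
    print(json.dumps(flatten_kv_pairs(SAMPLE_EVENT), indent=2))
```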
source https://securityboulevard.com/2024/03/oh-no-my-json-keys-and-values-are-separated-how-can-i-extract-them-for-my-searches/