10-10-2023 01:03 AM
Hi,
I am running a query in the Splunk search automation. The output I am getting includes too many brackets. I want to edit the output, and I want to further use that output in a different task.
Can anyone please suggest how I can edit the Splunk search output?
10-11-2023 03:26 AM
Hi @Himangi ,
You can use Transformers for that purpose. You can use the !Set command to make the desired changes to the output and set the results to another key. If you share the output and the desired format, I will try to help you.
10-12-2023 02:58 AM - edited 10-12-2023 03:38 AM
Hi @gyldz
So I am using this query:
index=windows EventCode=4625 user=user1| stats values(Account_Domain) as Account_Domain values(name) as Reason dc(_time) as LoginFailedCount
and I am getting the result as:
[{"Account_Domain":"Test","LoginFailedCount":"24","Reason":["An account failed to log on","User name is correct but the password is wrong"]}]
I want to edit this output by removing brackets. I want the result as below:
Account_Domain:Test
LoginFailedCount:24
Reason:An account failed to log on,User name is correct but the password is wrong
10-16-2023 06:43 AM
Hi @gyldz
Thank you for replying.
I tried the above automation and I am getting an error, "failed to parse argument", and that particular task is getting paused.
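The reshaping asked for in this thread, as an added example that is not part of any post here: a Python sketch that turns the Splunk result quoted above into `key:value` lines. The names `flatten_results` and `_render` are hypothetical, the sample input is the result string from the thread, and the function accepts the raw JSON string, a single row or a parsed list, on the assumption that the value may reach a task in any of those shapes.

```python
import json

# Constructed sample: the result string quoted in the thread.
SAMPLE = (
    '[{"Account_Domain":"Test","LoginFailedCount":"24",'
    '"Reason":["An account failed to log on",'
    '"User name is correct but the password is wrong"]}]'
)


def _render(value):
    """Render one field value without JSON brackets or quotes."""
    if isinstance(value, (list, tuple)):
        # Multi-value fields (e.g. values(name)) become a comma-joined string.
        return ",".join(_render(v) for v in value)
    if isinstance(value, dict):
        return ",".join(f"{k}={_render(v)}" for k, v in value.items())
    if value is None:
        return ""
    return str(value)


def flatten_results(results):
    """Turn Splunk stats rows into 'key:value' lines, one block per row.

    Accepts a JSON string, a single row (dict) or a list of rows.
    """
    if isinstance(results, (str, bytes)):
        results = json.loads(results)
    if isinstance(results, dict):
        results = [results]
    blocks = []
    for row in results:
        if not isinstance(row, dict):
            raise ValueError(
                f"expected a JSON object per row, got {type(row).__name__}"
            )
        blocks.append("\n".join(f"{k}:{_render(v)}" for k, v in row.items()))
    # Rows are separated by a blank line so later tasks can split them again.
    return "\n\n".join(blocks)


if __name__ == "__main__":
    print(flatten_results(SAMPLE))
```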