Splunk parses pure JSON logs almost like magic. The format lets Splunk automatically extract the fields you need in your searches. However, an issue arises when a JSON log splits a key and its value into two separate key/value pairs, so that “key” and “value” themselves become the fields. For example, a […]
The post Oh No! My JSON Keys and Values are Separated! How Can I Extract Them For My Searches? appeared first on Hurricane Labs.
The post Oh No! My JSON Keys and Values are Separated! How Can I Extract Them For My Searches? appeared first on Security Boulevard.