-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Welcome to the official docs for the JMESPath app for Splunk!
Splunk users can download and install the latest release from SplunkBase. Developers can get early access to upcoming release and contribute to this app on GitHub.
All of this documentation assumes that your running version 2.0 of the app or later. (Or currently, the 1.9.x series which is a pre-release for 2.0.x). There were some backwards compatibility breaks between 1.0 and 2.0 so beware of what version you are running. Really early releases disabled upgrade-checking, so the UI may not tell you that an new version is available for release. (As far as I know, no one was actually using 1.0, if that's not true please contact me!)
This app adds 2 new search commands to your Splunk instance:
jmespath "<jmespath-string>" [input=<field>] [output=<field>] [default=<string>]
jsonformat [indent=<int>] [order=undefined|preserve|sort] <field> [AS <field>]
Full command reference:
Throughout this documentation you'll find many "run-anywhere" examples that are intended to allow new users to quickly test out new concepts with minimal effort. The benefit of run-anywhere examples is that you don't have to setup ingestion or subscribe to a particular service to try these out. You can test out a concept quickly and easily without fear of damaging anything. See the Tutorial page to get started.
- Introduction
- So what is JMESPath?
- What's wrong with spath?
- Command Reference
- Tutorial (Search examples)
- Change Log