Tutorial
There are many "run-anywhere" examples on these pages so that new users can quickly grasp and test out new concepts with minimal effort. Feel free to review these as you browse around. We encourage new users to try them out as soon as possible; there's no substitute for hands-on experience, and installation is easy. The benefit of run-anywhere examples is that you don't have to configure ingestion or subscribe to a particular service to try them. They work great on a local test instance of Splunk.
A full list of the tutorial topics is available on the right-side navigation bar.
Simply copy and paste the entire example into your Splunk search bar. You should see the results within a few seconds. One thing to note is that many of these examples are long, and sometimes they are on a single line. Be sure to copy the entire example.
Nearly all of these require that you have already installed jmespath in your Splunk environment.
Here's a trivial example to get you started:
| makeresults | eval _raw="{\"doc\":{\"jmespath\":\"JMESPath rocks\"}}"
| jmespath output=newfield doc.jmespath | table newfield
If you're looking to learn JMESPath, check out the JMESPath Tutorial.
Keep in mind that while the syntax is the same, the JMESPath for Splunk app adds several custom functions to the language. Some examples that work in Splunk will therefore not work in the online JMESPath evaluator used in that tutorial.