JMESPath (pronounced "james path") makes dealing with JSON data in Splunk easier by leveraging a standardized query language for JSON. This allows you to declaratively specify how to extract elements from a JSON document. In many ways, this is a better spath.
Splunk users can download and install the latest release from SplunkBase. Developers can access and contribute to this app on GitHub.
jmespath "<jmespath-string>" [input=<field>] [output=<field>] [default=<string>]
jsonformat [indent=<int>] [order=undefined|preserve|sort] <field> [AS <field>]
Full documentation regarding this app, how to use it, along with various tips and tricks about how to best extract and format your JSON events is available on the GitHub wiki page. See the official JMESPath for Splunk documentation. Many "run-anywhere" examples are provided throughout to help new users get a solid understanding of this tool.
See the Install an add-on in Splunk's official documentation. There are no extra install steps. No configuration is required.
Community support is available on best-effort basis. For information about commercial support, contact Kintyre. Issues are tracked via GitHub
See the full Change log
- John Berwick: original author of this Splunk app
- Lowell Alleman: current maintainer
- James Saryerwinnie: author of JMESPath Python library
- Mike Rybar: Logo