Hey Folks, i have a silly Q, I am using GeoIP with maxminddbs and it adds a json array like it should. When it gets into Splunk, the only way to search elements in the array requires an | spath command and cant search like a normal key=value. is it recommended to do a json extract after the GeoIP function? if not, how should I pull those fields?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.