Member-only story
Transforming Raw JSON Logs to CSV
I recently had to provide error data stored in Splunk logs to a business user (meaning non-technical). I decided to take the raw JSON log entries and convert them to CSV. Here’s how I did it.
The first step was to export the log entries and massage them into a usable format. In the case of Splunk, I searched for the log entries I needed and exported them as raw data. This gave me something that looked like this.
Given this data, we can make a few tweaks, then use jq to turn it into CSV. If you aren’t familiar with jq, Google it and install it. It’s a very handy command-line tool for working with JSON data. To do this we’ll turn this into a JSON file, put all of those lines in an array, and put commas at the end of each line. I did this manually in Neovim.
