Hi I was been trying hard to extract the following data into a table with the column names failedTestCases(failedScenarios), nameOfTheTestScenario(name), passedTestCases(passedScenarios). And wanted to have a column with successPercent and FailurePercent for each of the test scenario.

Example Data:

{
e2eresult: {
features: [
{
failedScenarios: 0
name: TPAS Activation scenario with Port In[mocked]
passedScenarios: 2
},
{
failedScenarios: 0
name: TPAS Activation scenario[mocked]
passedScenarios: 4
},
{
failedScenarios: 0
name: TPAS Add A Line scenario[mocked]
passedScenarios: 6
},
{},
{}
]
project: test - automation
status: Passed
}
}

Here is what I have done something, 

index=duck source=/var/log/containers/**.log | search "e2eresult" | eval _raw="{\"e2eresult\": [{\"features\":[{\"failedScenarios\":\"0\",\"name\":\"TPAS Activation scenario with Port In [mocked]\",\"passedScenarios\":2},{\"failedScenarios\":\"0\",\"name\":\"TPAS Activation scenario [mocked]\",\"passedScenarios\":4}]}]}" | eval all_fields=mvzip('e2eresult.features{}.failedScenarios', 'e2eresult.features{}.name', 'e2eresult.features{}.passedScenarios', ",") | fields all_fields | mvexpand all_fields
| makemv delim="," all_fields
| eval failedTestCases=mvindex(all_fields, 0)
| eval nameOfTheTestScenario=mvindex(all_fields, 1) | eval passedTestCases=mvindex(all_fields, 2)
| table failedTestCases, nameOfTheTestScenario, passedTestCases