How to merge 2 json objects?

youngstrommj · ‎09-06-2022

Hello, I have an existing json object and I'd like to merge another json object into it. I don't want to combine them into an array. I'd like them merged. Any ideas how I'd do this?

| eval object1=json_object("somekey","value")

| eval object2=json_object("someOtherKey","value")

Combined Value:

{"somekey":"value","someOtherKey":"value"}

kamlesh_vaghela · ‎09-27-2022

@youngstrommj

Can you please try this?

YOUR_SEARCH
| eval object2_keys = json_array_to_mv(json_keys(object2),false()) 
| eval object3=object1 
| foreach mode=multivalue object2_keys 
    [| eval object3=json_set(object3,<<ITEM>>,json_extract(object2,<<ITEM>>))
        ] 
| table object1 object2 object3

My Sample Search :

| makeresults 
| eval object1=json_object("somekey","value") 
| eval object2=json_object("someOtherKey","value","aaa","bbb") 
| eval object2_keys = json_array_to_mv(json_keys(object2),false()) 
| eval object3=object1 
| foreach mode=multivalue object2_keys 
    [| eval object3=json_set(object3,<<ITEM>>,json_extract(object2,<<ITEM>>))
        ] 
| table object1 object2 object3

I hope this will help you.

Thanks
KV
If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.

How to merge 2 json objects?

JSON

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor