@vikashumble | makeresults | eval json1="{\"id\": \"XXXXX\",\"displayName\": \"ANY DISPLAY NAME\",\"createdDateTime\": \"2021-10-05T07:01:58.275401+00:00\",\"modifiedDateTime\": \"2025-02-05T10:3...
See more...
@vikashumble | makeresults | eval json1="{\"id\": \"XXXXX\",\"displayName\": \"ANY DISPLAY NAME\",\"createdDateTime\": \"2021-10-05T07:01:58.275401+00:00\",\"modifiedDateTime\": \"2025-02-05T10:30:40.0351794+00:00\",\"state\": \"enabled\",\"conditions\": {\"applications\": {\"includeApplications\": [\"YYYYY\"],\"excludeApplications\": [],\"includeUserActions\": [],\"includeAuthenticationContextClassReferences\": [],\"applicationFilter\": null},\"users\": {\"includeUsers\": [],\"excludeUsers\": [],\"includeGroups\": [\"USERGROUP1\", \"USERGROUP2\"],\"excludeGroups\": [],\"includeRoles\": [],\"excludeRoles\": []},\"userRiskLevels\": [],\"signInRiskLevels\": [],\"clientAppTypes\": [\"all\"],\"servicePrincipalRiskLevels\": []},\"grantControls\": {\"operator\": \"OR\",\"builtInControls\": [\"mfa\"],\"customAuthenticationFactors\": [],\"termsOfUse\": []},\"sessionControls\": {\"cloudAppSecurity\": {\"cloudAppSecurityType\": \"monitor\",\"isEnabled\": true},\"signInFrequency\": {\"value\": 1,\"type\": \"hours\",\"authenticationType\": \"primaryAndSecondaryAuthentication\",\"frequencyInterval\": \"timeBased\",\"isEnabled\": true}}}" | eval json2="{\"id\": \"XXXXX\",\"displayName\": \"ANY DISPLAY NAME 1\",\"createdDateTime\": \"2021-10-05T07:01:58.275401+00:00\",\"modifiedDateTime\": \"2025-02-06T10:30:40.0351794+00:00\",\"state\": \"enabled\",\"conditions\": {\"applications\": {\"includeApplications\": [\"YYYYY\"],\"excludeApplications\": [],\"includeUserActions\": [],\"includeAuthenticationContextClassReferences\": [],\"applicationFilter\": null},\"users\": {\"includeUsers\": [],\"excludeUsers\": [],\"includeGroups\": [\"USERGROUP1\", \"USERGROUP2\", \"USERGROUP3\"],\"excludeGroups\": [\"USERGROUP4\"],\"includeRoles\": [],\"excludeRoles\": []},\"userRiskLevels\": [],\"signInRiskLevels\": [],\"clientAppTypes\": [\"all\"],\"servicePrincipalRiskLevels\": []},\"grantControls\": {\"operator\": \"OR\",\"builtInControls\": [\"mfa\"],\"customAuthenticationFactors\": [],\"termsOfUse\": []},\"sessionControls\": {\"cloudAppSecurity\": {\"cloudAppSecurityType\": \"block\",\"isEnabled\": true},\"signInFrequency\": {\"value\": 2,\"type\": \"hours\",\"authenticationType\": \"primaryAndSecondaryAuthentication\",\"frequencyInterval\": \"timeBased\",\"isEnabled\": true}}}" | spath input=json1 path="displayName" output=displayName_old | spath input=json2 path="displayName" output=displayName_new | spath input=json1 path="modifiedDateTime" output=modifiedDateTime_old | spath input=json2 path="modifiedDateTime" output=modifiedDateTime_new | spath input=json1 path="conditions.users.includeGroups{}" output=includeGroups_old | spath input=json2 path="conditions.users.includeGroups{}" output=includeGroups_new | spath input=json1 path="conditions.users.excludeGroups{}" output=excludeGroups_old | spath input=json2 path="conditions.users.excludeGroups{}" output=excludeGroups_new | spath input=json1 path="sessionControls.cloudAppSecurity.cloudAppSecurityType" output=cloudAppSecurityType_old | spath input=json2 path="sessionControls.cloudAppSecurity.cloudAppSecurityType" output=cloudAppSecurityType_new | spath input=json1 path="sessionControls.signInFrequency.value" output=signInFrequencyValue_old | spath input=json2 path="sessionControls.signInFrequency.value" output=signInFrequencyValue_new | eval changes=mvappend( if(displayName_old!=displayName_new, "displayName, ".displayName_old.", ".displayName_new, null()), if(modifiedDateTime_old!=modifiedDateTime_new, "modifiedDateTime, ".modifiedDateTime_old.", ".modifiedDateTime_new, null()), if(includeGroups_old!=includeGroups_new, "users.includeGroups, ".includeGroups_old.", ".includeGroups_new, null()), if(excludeGroups_old!=excludeGroups_new, "users.excludeGroups, ".excludeGroups_old.", ".excludeGroups_new, null()), if(cloudAppSecurityType_old!=cloudAppSecurityType_new, "sessionControls.cloudAppSecurityType, ".cloudAppSecurityType_old.", ".cloudAppSecurityType_new, null()), if(signInFrequencyValue_old!=signInFrequencyValue_new, "signInFrequency.value, ".signInFrequencyValue_old.", ".signInFrequencyValue_new, null()) ) | mvexpand changes | rex field=changes "(?<key>[^,]+), (?<old_value>[^,]+), (?<new_value>.+)" | table key, old_value, new_value