I have the following event which contains an array of records ProcessName: TestFlow270 message: TestMessage1 records: [ [-] {"Username": "138perf_test1@netgear.com.org", "Email": "...
See more...
I have the following event which contains an array of records ProcessName: TestFlow270 message: TestMessage1 records: [ [-] {"Username": "138perf_test1@netgear.com.org", "Email": "tmckinnon@netgear.com.invalid", "Id": "00530000000drllAAA"} {"Username": "clau(smtest145)@netgear.com.org", "Email": "clau@netgear.com.invalid", "Id": "0050M00000DtmxIQAR"} {"Username": "d.mitra@netgear.com.test1", "Email": "d.mitratest1@netgear.com", "Id": "0052g000003DSbTAAW"} {"Username": "demoalias+test1@guest.netgear.com.org", "Email": "demoalias+test1@gmail.com.invalid", "Id": "0050M00000CyZJYQA3"} {"Username": "dlohith+eventstest1@netgear.com.org", "Email": "sfdcapp_gacks@netgear.com.invalid", "Id": "0050M00000CzJvYQAV"} {"Username": "juan.gimenez+test1@netgear.com.apsqa2", "Email": "juan.gimenez+test1@netgear.com", "Id": "005D10000043gVxIAI"} {"Username": "kulbir.singh+test1@netgear.com.org", "Email": "sfdcapp_gacks@netgear.com.invalid", "Id": "0050M00000CzJvaQAF"} {"Username": "rktest1028@guest.netgear.com.org", "Email": "rktest1028@gmail.com.invalid", "Id": "0053y00000G0UmxAAF"} {"Username": "test123test2207@test.com", "Email": "kkhatri@netgear.com", "Id": "005D10000042Mi1IAE"} {"Username": "test123test@test.com", "Email": "test123test@test.com", "Id": "0052g000003EUIUAA4"} ] severity: DEBUG I tried this query index=abc|spath input=records{} | mvexpand records{} | table ProcessName, message, severity, Username, Email, as Id it returns 10 records but all the 10 records have same value I mean the first record Is there way to parse this array with all the key value pairs @gcusello @yuanliu