I have a JSON with a field containing another object, but this object varies depending on type. For example, you may have these 3 logs under the same sourcetype/index: { "Log":"something","user": "me" ,"type":"car", "data": {"case1":"something"} } { "Log":"something","user": "me" ,"type":"apple", "data": {"fruity":"yummy"} } { "Log":"something","user": "me","type":"Cauliflower", "data":{"veggie":"eww", "fact":"good for you"} } and I want a table query to look something like this: user | data me | {"case1":"something"} me | {"fruity":"yummy"} me | {"veggie":"eww", "fact":"good for you"} I tried the following query: index=mylog | table user,data but my results usually look like this (with either nulls or straight up empty): user | data me | null me | me | null data itself may sometimes be very long, but I would still like to see its entire output in the table. How can I go about this?
... View more