Extracting field as a json object

vpsierra · ‎10-07-2020

I am trying to extract a field(json array having objects) from events, now I would like to extract few more fields from that json array

[
{
"name": "a",
"age": "19",
"date_populated": "02/20/2019"

},
{
"name": "b",
"age": "23",
"date_populated": "02/25/2019"
}

]

can you please let me know how I can get a list of names

to4kawa · ‎10-10-2020

index=_internal | head 1 | fields _raw _time | eval _raw="[
{
\"name\": \"a\",
\"age\": \"19\",
\"date_populated\": \"02/20/2019\"

},
{
\"name\": \"b\",
\"age\": \"23\",
\"date_populated\": \"02/25/2019\"
}

]"
| rename COMMENT as "the logic"

| spath {} output=root
| mvexpand root
| spath input=root
| table name age date_populated

Extracting field as a json object

field extraction

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!