Hi guys,
I would like to convert the following event into a table:
{
Id: 1505207351
Start: 1505207651
Resource: res
Nodes: [
[ res1, 1 ] , [ res2, 3 ]
]
}
The output should be a table like this:
Id | Start | Nodes
1505207351 | 1505207651 | [res1,1] , [res2,3]
Or even better, display a subtable in the Nodes column:
Id | Start | Nodes
| | Res | Rank
-------------------------------------
1505207351 | 1505207651 | res1 | 1
| res2 | 3
------------------------------------
2305207351 | 2305207651 | res3 | 4
| res4 | 3
The event sourcetype is _json
My actual query to search the events is this:
index="myindex" | spath | table Id, Start, Nodes
The result is a table but the Nodes column is empty
Thanks
↧