I have an event with a mix of JSON and non-JSON data. I have successfully extracted a Payload field with props whose value is a JSON data structure. Then using the search `| spath input=Payload`, the value is successfully parsed into KV pairs. But how do I move this to a config file for automatic extraction? I was looking at an `EVAL-` statement with the `spath()` function, but it's not clear what the "Y" value should be if I want to extract all of the fields, not just a specific one:
`EVAL-Payload = spath(Payload, "*")`
↧