- Added an initial implementation of the unroll(hash,'key','value') function
for JMESPath. Still not sure what it should be called, but the logic should
work. Closes #5.
- Add an online appinspect checking script.
Unroll lists of Name/Value pairs and turn them back into dicts/objects. (Rather than using `xyseries key Name Value` or `eval {Name}=Value` tricks.)

Take data that looks like this:

And we want to instead map that to an object that looks like this:

And from a Splunk side of things, it would be helpful if we could assign these all to a common prefix.

So for example, if the prefix given was `ExtProp.` then the field names in Splunk would be `ExtProp.resultType`, `ExtProp.auditEventCategory`, `ExtProp.nCloud`, ... and so on.

May need to add some kind of field name sanitization to this as well, to prevent spaces and other weird characters from slipping through.

This entire approach would hide values if the name `Name` was given twice, but I think that's an acceptable risk. Know your data.
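
The behaviour described in this issue, as an added example in plain Python (not the project's code and not registered as a JMESPath function): `unroll` and `sanitize_field_name` are hypothetical names, the allowed character set is an assumption, and the sample values are constructed. It goes one step beyond the issue by returning the names that were overwritten, so duplicate `Name` entries are visible rather than silently hidden.

```python
import re

# Characters allowed in an output field name; everything else becomes "_".
# The exact allowed set is an assumption: the issue only asks for "some kind
# of field name sanitization".
_UNSAFE = re.compile(r"[^A-Za-z0-9_.]+")


def sanitize_field_name(name):
    """Collapse runs of spaces and other odd characters into a single "_"."""
    cleaned = _UNSAFE.sub("_", str(name)).strip("_")
    return cleaned or "unnamed"


def unroll(items, key="Name", value="Value", prefix=""):
    """Turn [{key: k, value: v}, ...] into ({prefix+k: v, ...}, collisions).

    As in the issue, a later pair overwrites an earlier one with the same
    name; the overwritten names are returned so the loss is visible.
    """
    result, collisions = {}, []
    for item in items:
        if not isinstance(item, dict) or key not in item:
            continue  # skip entries that are not key/value pairs
        field = prefix + sanitize_field_name(item[key])
        if field in result:
            collisions.append(field)
        result[field] = item.get(value)
    return result, collisions


# Constructed sample: field names from the issue, values invented.
SAMPLE = [
    {"Name": "resultType", "Value": "Success"},
    {"Name": "auditEventCategory", "Value": "UserManagement"},
    {"Name": "nCloud", "Value": "example"},
    {"Name": "odd name!", "Value": "1"},
    {"Name": "resultType", "Value": "Failure"},
]

if __name__ == "__main__":
    fields, dupes = unroll(SAMPLE, prefix="ExtProp.")
    for name, val in fields.items():
        print(f"{name}={val}")
    print("overwritten:", dupes)
```

Because the collision check runs on the sanitized name, two different raw names that sanitize to the same field are reported as well.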