| Table of Contents | ||||
|---|---|---|---|---|
|
Description
Converts a string data type into json data type, which is required as an argument for the Jq evaluation (jqeval) operation.
How does it work in the search window?
Select Create field in the search window toolbar, then select the To json operation. You need to specify one argument:
Argument | Data type | Description | ||
|---|---|---|---|---|
String to convert mandatory | string | The full sample with json syntax. You can manually enter the string or select a field with json data type.
|
The data type of the values in the new field is json.
Example
In this example, in the siem.logtrust.web.activity table, we will manually specify a string to create a json field, which can be later used as an argument in the Jq evaluation (jqeval) operation.
Click the Create field button on the toolbar, select the To json (jsonparse) operation and give the new field a name.
Add the necessary argument and configure it as shown in the picture below:
string to convert → manually introduced → {"name":"John","birth":"1986-12-14","city":"New York"}
...
Click Create field and a new field will be created with the specified string in json data type.
...
Use the operator select... as... and add the operation syntax to create the new field. This is the syntax for the To json operation:
jsonparse(string)
Example
You can use the following LINQ script to recreate the example above in any table (for example, in siem.logtrust.web.activity):
...