I have data in my log which looks like,
extraData: { [-]
MD_independent_new: 2016-11-30T04:35:57Z
MD_sitedependent_new: 2016-11-30T17:31:22Z
app_version_build_id: 20161109
db_version: 27
device_id: A000003088E203
driver_id: 090201
login_environment: Production
site_id: S04160 : Irvine Hauling
vehicle_id: 104681
}
To extract fields from this log, I have my search like,
index=mint | table extraData.site_id
Is there a way I can assign the value of extraData.site_id to another variable?
My below search string fails,
index=mint |eval temp=extraData.site_id| table temp
Please assist.
