I have a JSONs which have the following structure:
{
"fieldA": "valueA",
"fieldB": "valueB",
"fieldC": "valueC",
"fieldD": {
"keyA": 1,
"keyB": 1,
}
}
And, I am executing a TOP command as follows:
sourcetype=MySource | top limit=30000 "fieldA" "fieldB" by "fieldC"
This command will give me an output as follows:
+--------+--------+--------+--------+-----------+
| fieldC | fieldA | fieldB | count | percent |
+--------+--------+--------+--------+-----------+
| valueC | valueA | valueB | 1 | 100.00 |
+--------+--------+--------+--------+-----------+
How can I get the key of fieldD as the value of another column so that I can produce a table as follows:
+--------+--------+--------+--------+--------+-----------+
| fieldC | fieldA | fieldB | fieldD | count | percent |
+--------+--------+--------+--------+--------+-----------+
| valueC | valueA | valueB | keyA;keyB | 1 | 100.00 |
+--------+--------+--------+--------+--------+-----------+
... View more