I need to display the below JSON in a table format. I want the first level of keys movie1 and movie2 to come under a table column , for example Movie_List. So far, I have tried the below spath command and it is only showing the last extracted value, not both the values for movie1 and movie2 .
| makeresults |eval _raw = "{
\"movie1\": {
\"genre\": \"Comedy\",
\"review\": \"Good\",
\"release\": \"01:02:2023\"
},
\"movie2\": {
\"genre\": \"Action\",
\"review\": \"Average\",
\"release\": \"01:01:2023\"
}
}" |spath input=_raw path=movie1{}.genre output=genre
|spath path=movie1.review output=review
|spath path=movie1.release output=release_date
|spath path=movie2{}.genre output=genre
|spath path=movie2.review output=review
|spath path=movie2.release output=release_date
|fields - _raw _time
I want the table to be as below :
| Movie_List | genre | review | release_date |
|---|---|---|---|
| movie1 | Comedy | Good | 01:02:2023 |
| movie2 | Action | Average | 01:01:2023 |
Please help.
Thanks
You can use the
json_keyseval function to get the keys of the initial JSON. The result will be something like["movie1","movie2"](which is not really helpful), but thejson_array_to_mveval function will help you having a multivalue of the keys of the JSON.And here is a possible solution:
This may not be the best solution, but it works.