1. Home
    2. Security Operations
    3. Cortex XDR
    4. Cortex XDR™ XQL Language Reference
    5. XQL Functions Reference
    6. to_json_string

    to_json_string

    Cortex XDR XQL to_json_string() function accepts a string and returns its contents in JSON format.

    Synopsis

    to_json_string(<
    string
    >)

    Description

    The
    to_json_string()
     function accepts a string and returns it in JSON format. If the string contains comma-separated name:value pairs, the result is a string representing a JSON object. You can then use the string returned by this function with the json_extract, json_extract_array, and json_extract_scalar functions.
    If the input string does not contain content that parses into JSON format, this function simply returns the input string.

    Examples

    Return the
    action_file_device_info
     field in JSON format. 
    dataset = xdr_data 
| fields action_file_device_info as afdi 
| alter the_json_string = to_json_string(afdi) 
| filter afdi != null 
| limit 10

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo