to_json_string

Cortex XDR XQL to_json_string() function accepts a string and returns its contents in JSON format.

Synopsis

to_json_string(<
string
>)

Description

The
to_json_string()
function accepts a string and returns it in JSON format. If the string contains comma-separated name:value pairs, the result is a string representing a JSON object. You can then use the string returned by this function with the json_extract, json_extract_array, and json_extract_scalar functions.
If the input string does not contain content that parses into JSON format, this function simply returns the input string.

Examples

Return the
action_file_device_info
field in JSON format.
dataset = xdr_data | fields action_file_device_info as afdi | alter the_json_string = to_json_string(afdi) | filter afdi != null | limit 10

Recommended For You