Description
Is your feature request related to a problem?
Community members have asked for easier JSON parsing and analysis capabilities which allow them to not only search JSON logs and extract fields without writing complex parse expressions, but perform computations on JSON array values, such as finding the sum of all values in the array, where the number of elements in the array is not known.
What solution would you like?
Allow users to extract and transform data from JSON-formatted events and fields. Users should be able to extract all values in an array by specifying a wildcard for the individual element position and doing an aggregation operation on them. Users should be able to extract:
1. single or multiple top level fields
2. nested fields
3. keys in arrays and perform operations on the values.

**Examples**
- User wants to look at an array of elements, across log entries to see how many times each element has occurred in the array.
- Match any item in a JSON array, regardless of the position in the array
- Pull out fields within a nested JSON file
What alternatives have you considered?
No other solutions are available in PPL.
Do you have any additional context?
No
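
To make the requested semantics concrete, here is an added illustration in Python (not PPL syntax, and not code from the project or the issue author). The path notation `request.bytes[*]`, the function names and the sample events are assumptions constructed for this example.

```python
import json
import re
from collections import Counter

# Hypothetical path notation for this illustration: dotted keys, with [*]
# matching every element of an array and [n] matching one position.
_TOKEN = re.compile(r"([^.\[\]]+)|\[(\*|\d+)\]")

def extract(doc, path):
    """Return every value in doc matched by path (empty list if none)."""
    current = [doc]
    for key, index in _TOKEN.findall(path):
        matched = []
        for node in current:
            if key:
                if isinstance(node, dict) and key in node:
                    matched.append(node[key])
            elif isinstance(node, list):
                if index == "*":
                    matched.extend(node)  # any position, any array length
                elif int(index) < len(node):
                    matched.append(node[int(index)])
        current = matched
    return current

# Constructed sample log events, one JSON document per line.
SAMPLE_EVENTS = [
    '{"user": "alice", "request": {"bytes": [120, 300, 80], "tags": ["auth", "api"]}}',
    '{"user": "bob", "request": {"bytes": [50], "tags": ["api"]}}',
    '{"user": "carol", "request": {"bytes": [], "tags": ["auth", "admin", "api"]}}',
    '{"user": "dave", "note": "no request field"}',
]

def sum_per_event(lines, path):
    """Sum the numeric values matched by path in each event."""
    totals = []
    for line in lines:
        values = extract(json.loads(line), path)
        totals.append(sum(v for v in values
                          if isinstance(v, (int, float)) and not isinstance(v, bool)))
    return totals

def count_across_events(lines, path):
    """Count how often each scalar value matched by path occurs across events."""
    counts = Counter()
    for line in lines:
        values = extract(json.loads(line), path)
        counts.update(v for v in values if isinstance(v, (str, int, float, bool)))
    return counts
```

Events with an empty array or a missing field contribute a sum of 0 and no counts, rather than raising an error.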