How can I find a specific element in a dynamic array in KQL?
How can I find a specific element in a dynamic array in KQL?
E.g. I have the json array (i.e. a string) [{"key": "foo", "val": "bar"}, {"key": "a", "val": "b"}] in KQL. Now I want to find out the value of the property val for the objects with the "a" key. It can be at any index, not only at the index 1 as it is in the example above.
I found the array_index_of function. But it does not seem to accept any predicates, it accepts only the index and I don't know the index in my case beforehand.
Are there any means to query the JSON array for an item which satisfies some conditions in KQL?
I tried the mv-expand, but it seems to separate the key from the val:
datatable (b: dynamic)
[
dynamic({"key": "foo", "val": "bar"}),
dynamic({"key": "a", "val": "b"})
]
| mv-expand b
Now I want to find out the value of the property
valfor the objects with the"a"key.
I have reproduced in my environment and below are expected results:
You can just use bag_unpack() and then get the value of a like below:
datatable (b: dynamic)
[
dynamic({"key": "foo", "val": "bar"}),
dynamic({"key": "a", "val": "b"})
]
|evaluate bag_unpack(b)
| where key contains "a"
Output:
Do you happen to know, why in my example above does it split one dynamic into two pieces? E.g. the key foo and the val bar end up in different rows.
mv-exapnd divides the dynamic array based on commas "," and new line so it divides like that and this is an expected behavior.
- Json schema array of objects (where objects must be the same)
- JSON Schema for objects without names
- JSON Schema to validate an array of dictionaries
- How can I JSON stringify and then parse an object with functions? (JavaScript)
- Rails: Serializing deeply nested associations with active_model_serializers
- (Python) Cant scrape data from rocket tracker using re, requests, and json
- How to send data from Python script to JavaScript and vice-versa?
- How to minify json files while Vite build?
- How to fix 'Private field must be declared in an enclosing class'
- Extract arrays from JSON
- Python Json loads() returning string instead of dictionary?
- PowerShell code returning specific variable. Enhance program by capturing variables above and below
- How to unpack nested JSON into Python Dataclass
- Group by a part of json array column
- php CURL Error: Request payload is not JSON
- How to resolve 400 bad request error while trying to send message through the new FCM API V1?
- PowerShell code returning correct value. However, looking to enhance program by capturing the ID tag listed above the desired value
- java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 2 path $
- json schema validate the value of one property against the value of another property
- Can comments be used in JSON?
- Blazor requesting a json file
- How to JQ select a record where a sub-node matches both values
- No column name was specified for column 1 of 'sp'
- Round numbers anywhere in a JSON document
- How to pull application version (or import package.json file)? Google does not help :(
- How can I create a JSON object that can handle conditionals?
- Create JSON from CSV and add some header lines with Pandas
- Convert JSON type scraped string to dataframe in R
- How do I decode HTML entities in Swift?
- BudiBase request returns different results in JSON and Raw