Hello,

I installed the PagerDuty application on Splunk.
I have a field where I can set a JSON.
The path for the JSON is:
event.custom_details.custum_details

If I set a JSON, for example {"toto" : {"subValue":"toto1", "suValue2":"toto2"}, "titi" : "valueTiti"}
I get the result:
event.custom_details.custum_details.toto.subValue=>"toto1"
event.custom_details.custum_details.toto.subValue2=>"toto2"
event.custom_details.custum_details.titi=>"valueTiti"
But if I want to move the whole JSON "toto", I get a String (not a JSON):
event.custom_details.custum_details.toto =>"{"subValue":"toto1", "suValue2":"toto2"}" or
event.custom_details.custum_details['toto'] =>"{"subValue":"toto1", "suValue2":"toto2"}"

I would like to use the extraction to move the JSON "toto" into custom_details, because another process needs access in PagerDuty to:
event.custom_details.toto
Example of my current extraction:
extraction = {
  "event.summary" = {
    template = "{{event.custom_details.custom_details.summary}}"
  },
  "event.dedup_key" = {
    template = "{{event.custom_details.custom_details.summary}}"
  },
  "event.custom_details.toto" = {
    template = "{{event.custom_details.custom_details['toto']}}"
  }
}

extraction = {
  "event.summary" = {
    template = "{{event.custom_details.custom_details.summary}}"
  },
  "event.dedup_key" = {
    template = "{{event.custom_details.custom_details.summary}}"
  },
  "event.custom_details.toto" = {
    template = "{{event.custom_details.custom_details.toto}}"
  }
}

But in the result I have a String representation of the JSON.
