Hello,

I install the application PagerDuty on splunk.

I have a field where I can set a json.

The Path for the json is :

event.custom_details.custum_details

If I set a json, exemple {“toto” : {“subValue”:“toto1”, “suValue2”:“toto2”}, “titi” : “valueTiti”}

I have the result

event.custom_details.custum_details.toto.subValue=>“toto1”

event.custom_details.custum_details.toto.subValue2=>“toto2”

event.custom_details.custum_details.titi=>“valueTiti”

But if I want to move all the json toto I have a String (not a json)

event.custom_details.custum_details.toto =>"{“subValue”:“toto1”, “suValue2”:“toto2”}" or

event.custom_details.custum_detailso‘toto’] =>"{“subValue”:“toto1”, “suValue2”:“toto2”}"

I would like to use the extraction to move the json “toto” into the custom_details because another process need the access in pagerduty to :

event.custom_details.toto

Exemple of my actual extraction :

extraction = {

“event.summary” = {

template = “{{event.custom_details.custom_details.summary}}”

},

“event.dedup_key” = {

template = “{{event.custom_details.custom_details.summary}}”

},

“event.custom_details.toto” = {

template = “{{event.custom_details.custom_detailsr‘toto’]}}”

}

extraction = {

“event.summary” = {

template = “{{event.custom_details.custom_details.summary}}”

},

“event.dedup_key” = {

template = “{{event.custom_details.custom_details.summary}}”

},

“event.custom_details.toto” = {

template = “{{event.custom_details.custom_details.toto}}”

}

But in the result I have a String representation of the json.