Abstract
Learn more about the Cortex Query Language to_json_string() function that accepts all data types and returns its contents as a JSON formatted string.
Syntax
to_json_string(<data type>)Description
The to_json_string() function accepts all data types, such as integers, booleans, strings, and returns it as a JSON formatted string. This function always returns a string. When the input is an object or an array, the function returns a JSON formatted string of the input. When the input string is a string, it returns the string as is. You can then use the JSON formatted string or string returned by this function with the json_extract, json_extract_array, and json_extract_scalar functions.
Examples
Return the action_file_device_info field in JSON format.
dataset = xdr_data | fields action_file_device_info as afdi | filter afdi != null | alter the_json_string = to_json_string(afdi) | limit 10