to_json_string - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-13
Category: Administrator Guide
Abstract

Learn more about the Cortex Query Language to_json_string() function, which accepts all data types and returns the input's contents as a JSON-formatted string.

Syntax

to_json_string(<data type>)

Description

The to_json_string() function accepts all data types, such as integers, booleans, and strings, and returns the input as a JSON-formatted string. This function always returns a string. When the input is an object or an array, the function returns a JSON-formatted string of the input. When the input is a string, it returns the string as is. You can then use the string returned by this function with the json_extract, json_extract_array, and json_extract_scalar functions.

Examples

Return the action_file_device_info field in JSON format.

dataset = xdr_data
| fields action_file_device_info as afdi
| filter afdi != null
| alter the_json_string = to_json_string(afdi)
| limit 10
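
The following query is an added example, not part of the original guide, showing the chaining described above: the output of to_json_string() is passed to json_extract_scalar, and the extracted value is aggregated per host. It assumes that action_file_device_info contains a storage_device_name key and that agent_hostname is populated in your tenant; the aliases afdi_json, device_name, and file_events are illustrative.

```xql
// Added example: summarize file activity per host and storage device.
dataset = xdr_data
| fields agent_hostname, action_file_device_info as afdi
| filter afdi != null
// Serialize the object so the json_* functions can read it.
| alter afdi_json = to_json_string(afdi)
// Assumption: the object has a "storage_device_name" key.
| alter device_name = json_extract_scalar(afdi_json, "$.storage_device_name")
// Rows without that key yield null; drop them before aggregating.
| filter device_name != null
| comp count() as file_events by agent_hostname, device_name
| sort desc file_events
| limit 20
```

If the key is absent from your data, inspect the the_json_string output of the query above to find the key names that are present.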