This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Need help in DQL to expand columns

imsummii
Visitor

‎23 Apr 2025 10:37 AM

Hello Community, 

We need help in one of the DQL to expand one of the columns which are in JSON. We got to this final column from nested jsons and previously in the same query used "fieldsFlatten"  to flatten a single nested row to many rows. But the flatten rows are not getting expanded. This is required to create a dashboard for the data.

Query::

fetch logs
| filter matchesValue(aws.account.id, "674210405359")
| filter dt.security_context == "14025"
| filter aws.log_group == "/mcs-ops-remote-patching/"
| fieldsKeep content
| parse content, "JSON:data_payload"
| fieldsFlatten data_payload, depth: 10

| expand data_payload.StepExecutions

| fields data_payload.StepExecutions, data_payload.Account_Id, data_payload.Region_Name, data_payload.ProductID
| fieldsFlatten data_payload.StepExecutions, depth: 10
| filter data_payload.StepExecutions.StepName == "PostPatching_notification" or data_payload.StepExecutions.StepName == "patch_summary"

| fieldsKeep data_payload.StepExecutions.Outputs.patchsummary
| expand data_payload.StepExecutions.Outputs.patchsummary, limit: 10

 

Labels:
0 Kudos
Reply
1 REPLY 1

krzysztof_hoja
Dynatrace Champion
Dynatrace Champion

‎23 Apr 2025 08:35 PM

fieldsFlatten does not "flatten a single nested row to many rows". expand command can expand single field being an array into multiple rows.

data_payload.StepExecutions.Outputs.patchsummary seems to be just object (or maybe string representing object?), so applying expand on it does not change anything

0 Kudos
Reply
Ask a question

Featured Posts