Expressions in Generic List format for structured data
Structured data in Generic List format contains one or more properties, which are represented as list items.
About this task
You can extract properties from an event that is in Generic List format by writing an expression that matches the property. Valid Generic List expressions are in the form of a $<number> notation. For example, $0 represents the first property in the list, $1 is the second property, and so on.
The following example shows an event that is in Generic List
format:
ABC Company;1.13;console_login;jsmith;John Smith;interactivePassword;Procedure
- To extract the first property in the list, type $0 in the Expression field.
- In the Delimiter field, enter the delimiter between list items that is specific for your payload. In this example, the delimiter between list items is a semicolon (;).
Results
Matches in the payload are highlighted in the event data in the Workspace of the DSM Editor.