I need help with a Splunk query to return events where an array of objects contains a certain value for a key in all the objects of the array.
Event 1: {
  list: [
    {"name": "Hello", "type": "code"},
    {"name": "Hello", "type": "document"}
  ]
}
Event 2: {
  list: [
    {"name": "Hello", "type": "code"},
    {"name": "World", "type": "document"}
  ]
}
Event 3: {
  list: [
    {"name": "Hello", "type": "document"},
    {"name": "Hello", "type": "document"}
  ]
}
Filters, in the list array:
- The first item should have "type": "code"
- All the items in the list array should have "name": "Hello"
Expected output: In the above list of events, the query should return 'Event 1', where the first item list[0].type = code and the list has all the items with "name": "Hello".
I tried multiple ways, like search:
list{}.name="Hello"
This was returning the events which had at least 1 element having name: Hello.
However, I was able to achieve the check for the 1st filter as below:
| eval conflict = mvindex(list, 0) | spath input=conflict | search type=code
If someone can help in achieving both the filters in one query, that will be helpful. Thanks in advance.
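
One way to apply both filters in a single query, as an added example that is not part of the original post. It assumes each event is valid JSON in _raw with a top-level "list" key; the makeresults, streamstats and case commands only rebuild the three events above as constructed sample data, and constructed_event, items, first_type, names and hello_count are hypothetical field names.

```spl
| makeresults count=3
| streamstats count AS constructed_event
| eval _raw=case(
    constructed_event=1, "{\"list\":[{\"name\":\"Hello\",\"type\":\"code\"},{\"name\":\"Hello\",\"type\":\"document\"}]}",
    constructed_event=2, "{\"list\":[{\"name\":\"Hello\",\"type\":\"code\"},{\"name\":\"World\",\"type\":\"document\"}]}",
    constructed_event=3, "{\"list\":[{\"name\":\"Hello\",\"type\":\"document\"},{\"name\":\"Hello\",\"type\":\"document\"}]}")
| eval items=spath(_raw, "list{}")
| eval first_type=spath(mvindex(items, 0), "type")
| eval names=spath(_raw, "list{}.name")
| eval hello_count=mvcount(mvfilter(names="Hello"))
| where first_type="code" AND hello_count=mvcount(items)
| table constructed_event first_type names
```

Comparing hello_count with mvcount(items), rather than only checking that no name differs from Hello, also rejects events where an object has no name key at all. Against real data, replace the first three commands with the base search.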