I was able to extract the security group (GroupId) from nested array and named as jsonobject. Now, I am trying to extract / breakdown the field(jsonobject) into separate the security groups. I also want to count the number of unique security groups.
| parse regex field=jsonobject "(?<gid>\"sg-\w+\")" multi
It just search first (only one sg). Looks like multi is not working in this case
Please sign in to leave a comment.