TLEFilePlugins icon indicating copy to clipboard operation
TLEFilePlugins copied to clipboard
verified publisher icon EricZimmerman

Reading CSV with json

Open DfirJos opened this issue 3 years ago • 1 comments

Microsoft audit logs contain single-line CSV with a JSON column. I frequently use TimelineExplorer but for the Microsoft audit logs I resort to Splunk so I can "spath" the JSON so I can filter on the fields in the JSON. It would be awesome if TimelineExplorer has that option too. Do you also see this as a valuable addition?

DfirJos avatar May 31 '22 09:05 DfirJos

It would certainly be neat, but that kind of functioning and filtering would be required to be implemented by the company that writes the grid control that I use

I don't see any mention of that kind of thing either currently existing or on their roadmap

Keyword searches and filters would still be found but not via spath

EricZimmerman avatar May 31 '22 12:05 EricZimmerman