Expressions in Generic List format for structured data
Structured data in Generic List format contains one or more properties, which are represented as list items.
About this task
You can extract properties from an event that is in Generic List format by writing an expression that matches the property. Valid Generic List expressions use the $<number> notation, where the number is the zero-based position of the property in the list. For example, $0 represents the first property in the list, $1 is the second property, and so on.
The following example shows an event that is in Generic List format:
ABC Company;1.13;console_login;jsmith;John Smith;interactivePassword;
Procedure
- To extract the first property in the list, type $0 in the Expression field.
- In the Delimiter field, enter the delimiter that separates list items in your payload. In this example, the delimiter between list items is a semicolon (;).
Results
Matches in the payload are highlighted in the event data in the Payloads pane of the Data Parser.
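The following Python sketch is an added illustration, not code from the product, of how a $<number> expression and a delimiter select an item from the sample event above. The function names, the property names in the mapping, and the handling of out-of-range indexes and the trailing delimiter are assumptions of the sketch.

```python
import re

# Constructed sample: the Generic List event shown on this page.
SAMPLE_EVENT = "ABC Company;1.13;console_login;jsmith;John Smith;interactivePassword;"

_EXPR = re.compile(r"\$(\d+)")


def extract_property(payload, expression, delimiter):
    """Return the list item selected by a $<number> expression, or None.

    Illustrative helper (hypothetical name), not the product's parser.
    """
    match = _EXPR.fullmatch(expression.strip())
    if match is None:
        raise ValueError(f"not a $<number> expression: {expression!r}")
    if not delimiter:
        raise ValueError("a delimiter is required to split the list")
    items = payload.split(delimiter)
    index = int(match.group(1))  # $0 is the first item, $1 the second
    # Assumption of this sketch: an index past the last item is "no match".
    return items[index] if index < len(items) else None


def map_properties(payload, mapping, delimiter):
    """Apply a {property_name: expression} mapping to one payload."""
    return {name: extract_property(payload, expr, delimiter)
            for name, expr in mapping.items()}


if __name__ == "__main__":
    # Property names are made up for the example.
    mapping = {"company": "$0", "event_name": "$2", "username": "$3"}
    for name, value in map_properties(SAMPLE_EVENT, mapping, ";").items():
        print(f"{name}: {value}")
    # The trailing semicolon yields an empty seventh item in this sketch.
    print(repr(extract_property(SAMPLE_EVENT, "$6", ";")))
    # Wrong delimiter: the payload is never split, so $0 is the whole event.
    print(extract_property(SAMPLE_EVENT, "$0", ","))
```

If $0 highlights the entire payload instead of the first property, the value in the Delimiter field does not match the delimiter that the event actually uses.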