In cloud logs reside many nested objects. When flattening these, the key names kill the layout of the "simple artifact details table" due to the long names, eg. targetResources_0_modifiedProperties_1_displayName. Shortening is not meaningful possible and would probably remove the meaning of the value. We tried line-breaking within the blue badge, but this has an impact on the readability.
The "event artifact details table" is hardcoded on windows event artifacts but it uses a nice approach: The nested objects in those events are displayed as beautified Json at the bottom of the simple table.
So we developed the "advanced artifact table". As soon as a key "Advanced" exists within the record, it's contents are beautified the same way as for windows-events. To make clear how to call these fields in advanced searches, it's headlined with "Data.Advanced".
salehmuhaysin
commented
1 year ago
In cloud logs reside many nested objects. When flattening these, the key names kill the layout of the "simple artifact details table" due to the long names, eg. targetResources_0_modifiedProperties_1_displayName. Shortening is not meaningful possible and would probably remove the meaning of the value. We tried line-breaking within the blue badge, but this has an impact on the readability.
The "event artifact details table" is hardcoded on windows event artifacts but it uses a nice approach: The nested objects in those events are displayed as beautified Json at the bottom of the simple table.
So we developed the "advanced artifact table". As soon as a key "Advanced" exists within the record, it's contents are beautified the same way as for windows-events. To make clear how to call these fields in advanced searches, it's headlined with "Data.Advanced".