Description
Hi, is there a way to use nested values somehow?
Example based on Authentik:
INF | action=login auth_via=unauthenticated client_ip=XXXXX context={"asn":{"as_org":"XXXXX ","asn":1234,"network":"XXXXX "},"auth_method":"password","auth_method_args":{"mfa_devices":[{"app":"authentik_stages_authenticator_duo","model_name":"duodevice","name":"XXXXX ","pk":1}]},"geo":{"city":"XXXXX ","continent":"EU","country":"XXXXX ","lat":XXXXX ,"long":XXXXX },"http_request":{"args":{"next":"/"},"method":"GET","path":"/api/v3/flows/executor/authentication/","request_id":"a560a95db4aa4f51a3a0a60c4d97e16a","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"}} domain_url=auth.domain.com event=Created Event host=auth.domain.com logger=authentik.events.models pid=31490 request_id=a560a95db4aa4f51a3a0a60c4d97e16a schema_name=public timestamp=2025-05-23T15:20:54.716124 user={"email":"[email protected]","pk":1,"username":"admin"}
I can create an alert based on it, but if I want to extract the email or username from "user", I am unable to do so and can only use "user", which gives the whole string.
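The log line above mixes plain `key=value` pairs, some with spaces in the value, with fields whose value is a JSON object. The sketch below is an added example, not code from the original post or from any tool: it splits such a line and resolves a dotted path like `user.email`. The names `parse_line` and `lookup`, the dotted-path syntax and the sample values are assumptions made for illustration.

```python
import json
import re

KEY = re.compile(r"([A-Za-z_]\w*)=")        # next key at or after the scan position
NEXT_KEY = re.compile(r"\s+[A-Za-z_]\w*=")  # boundary that ends a plain value
DECODER = json.JSONDecoder()

def parse_line(line):
    """Split key=value pairs; JSON values become dicts/lists, the rest stay strings."""
    fields, pos = {}, 0
    while (m := KEY.search(line, pos)):
        key, start = m.group(1), m.end()
        value = None
        if line[start:start + 1] in ("{", "["):
            try:
                # raw_decode stops at the end of the JSON value, wherever that is
                value, pos = DECODER.raw_decode(line, start)
            except json.JSONDecodeError:
                pass  # e.g. redaction broke the JSON: fall back to raw text
        if value is None:
            nxt = NEXT_KEY.search(line, start)
            pos = nxt.start() if nxt else len(line)
            value = line[start:pos].strip()  # plain values may contain spaces
        fields[key] = value
    return fields

def lookup(fields, path):
    """Resolve a dotted path such as 'user.email'; None if any step is missing."""
    cur = fields
    for part in path.split("."):
        if isinstance(cur, dict):
            cur = cur.get(part)
        elif isinstance(cur, list) and part.isdigit() and int(part) < len(cur):
            cur = cur[int(part)]
        else:
            return None
    return cur

# Constructed sample in the same shape as the line above (values are made up).
SAMPLE = (
    'INF | action=login client_ip=192.0.2.10 '
    'context={"auth_method":"password","geo":{"lat":REDACTED},'
    '"http_request":{"args":{"next":"/"}}} event=Created Event '
    'host=auth.example.test pid=31490 '
    'user={"email":"admin@example.test","pk":1,"username":"admin"}'
)

if __name__ == "__main__":
    print(lookup(parse_line(SAMPLE), "user.username"))
```

A field whose JSON does not decode, such as the redacted `context` in the sample, is kept as a raw string, so paths into it resolve to `None` rather than raising.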