HomeLiongardRequest a DemoKnowledge Base

RoarPath Commands

Suggest Edits

Liongard JMESPath Extensions

There are several Liongard JMESPath extensions and functions to make JMESPath more powerful and convenient.

Function: ~ (Tilde) - Reference the Root of a Data Print from any Context within a JMESPath expression

  • Filtering an Array based on the contents of an Object elsewhere in the Data Print: Given the hypothetical Data Print below, including "foo" and "bar," we can filter "foo" based on the contents of "bar" using the tilde even though they are siblings in the Data Print (on equal levels within the Data Print.)
{
 "foo": ["a","b","c"],
 "bar": "c"
}

To write a query to filter "foo" based on the contents of "bar," you use the root operator tilde (~) as seen in the JMESPath query below. 

foo[?@ == ~.bar]

The result will be an Array containing only "c."

  • Looking up related information in a different Array to enrich the information in the current Array: Here's an example query that looks up and returns the Display Name for each of the privileged users from the Active Directory Inspector:
Configuration.Users[?contains(~.Configuration.Policies.ConditionalAccess[0].conditions.users.includeUsers,id)].displayName

Function: days_between

The days_between function takes any two dates as input and returns the count of days between them. The first date provided is subtracted from the second date. The date inputs can be provided in ISO date format or as the UNIX epic integer. The example query below will return the number 2.

days_between("2020-05-29T05:49:54","2020-05-31T05:49:54")

Function: date_format

The date_format function takes a date and timestamp and returns the data in a format you prefer. Formatting options can be found here.

date_format('2020-05-29T05:49:54+00:00', 'MM-DD-YYYY: hh:mm')

Function: to_lower_case

The to_lower_case function transforms any string to lower case.

to_lower_case('SomeTHING')

Function: time_between

The time_between function takes 2 timestamps and gets the time between them.

time_between('2020-05-29T05:49:54+00:00', '2020-07-02T06:49:21+00:00', 'days')

Function: time_since

The time_since function retrieves the time that has passed since a certain timestamp.

time_since('2021-09-28T05:49:54+00:00', 'days')

Function: time_until

The time_until function retrieves the time until a certain timestamp will be reached.

time_until('2021-10-2T05:49:54+00:00', 'days')

Function: replace

The replace function will replace part of a string with another string.

replace('lion tiger bear', 'tiger', 'turkey')

In the example above, "tiger" from the string "lion tiger bear" will be replaced with "turkey" making the final output read "lion turkey bear"

Function: split

The split function will split a string into an array, based on an identifier.

split('America/Los_Angeles', '/')

In the example above, the string "America/Los_Angeles" will be split into an array making the final output read ['America', 'Los_Angeles']

Function: slice_string

The slice_string function will trim either the front (positive integers) or the back (negative integers) from a string.

sysinfo[].slice_string(name, `1`)

In the example above, the returned name string would have the first character removed from each result.

sysinfo[].slice_string(name, `1,3`)

In the example above, the returned name string would show only the 2nd and 3rd character in the string

sysinfo[].slice_string(name, `-1`)

In the example above, the returned name string would only show the last character of the string.

Function: version_compare

The version_compare function will compare 2 semantic versions and give you a boolean value. The first argument is the version to compare and 3rd argument is what to compare against, 2nd argument is the comparator, it will accept
< Less than
<= Less than or equal to
> Greater than
>= Greater than or equal to
== Equal
!= Not Equal

Devices[?version_compare(version, `>`,` 10.1.1`)].Name

In the example above the returned value will be all devices on a version greater than 10.1.1

Function: percent_of

The percent_of function will provide the percent that one value is of another value. Both inputs must return a number, and the result is precise to 2 decimal places.

SysInfo[].[percent_of(mfaComplete, totalUsers), `%`, name]

In the example above, the returned value will be the percent of mfaComplete of totalUsers.

Function: multiply

The multiply function will multiply two values.

sysinfo[0].multiply(totalUsers, mfaComplete)

In the example above, the returned string will be the totalUsers value multiplied by the mfaComplete value.

Function: divide

The divide function will divide two values.

sysinfo[0].divide(totalUsers, mfaComplete)

In the example above, the returned string will be the totalUsers value divided by the mfaComplete value.

Function: subtract

The subtract function will subtract two values.

sysinfo[0].subtract(totalUsers, mfaComplete)

In the example above, the returned string will be the totalUsers value subtracted by the mfaComplete value.

Function: unique_list

The unique_list function will take an array and remove any duplicate values found.

Computers[].OStype | unique_list(@)

In the example above, the returned OStype string will not have any duplicate entries, even if duplicate OStypes are found.

Function: map_by_key

The map_by_key function will merge 2 arrays of objects based on a shared key pair value. This is useful when doing queries against two different paths of the Data Print that have a shared value, such as an ID or Name. The first argument is the array of objects you want to merge onto and the second argument is the array of objects you want to merge from. The first argument you must give the shallowest depth in the path that you want to see data from. The third argument is the exact key you want to cross check value's. The 4th key is optional if the depth of where the key-value in the first argument is deeper than then where you want to start the returned merged array of objects you must pass the path.

map_by_key(Users[],Licensing[], `skuId`, `assignedLicenses`)

In the example above, the query will return any matching skuId and assignedLicenses keys from the Users and Licensing arrays.

The query can then be filtered using a wildcard at the end as shown in the example below and you can still filter the arguments before you pass them in.

map_by_key(Users[],Licensing[], `skuId`, `assignedLicenses`)[*][displayName, `|`, assignedLicenses[].skuPartNumber]

This example will return any shared displayName followed by a | and any assigned licenses from the list of matching keys.

Updated 5 months ago