Stuck?
Example:
d:dynamic, key:string
todatetime(translate("/", "-", tostring(parse_json(d)[key])))
click on todatetime for the last hint answer
You're almost done collected the list of data, just missing two requirements
- Attackers IP address
- Attack Duration
I'm pretty sure the Attack duation could be solved with an extend operator
The IP Address one is pretty stright forward but i keep getting "IP address:" in the data, i remember reading somewhere split could help me out here.