How can I query for a nested JSON object's attribute in Panther's Data Explorer?
You can query for the nested attributes by using Dot Notion: <column>:<level1_element>.<level2_element>.<level3_element>
For example, if you have the JSON data below:
...
"userIdentity": {
"accountId": "1234567890",
"type": "AWSAccount"
}
...
You could use the following Dot Notation:userIdentity:accountId = '1234567890'
For more information, see Snowflake Semi-structured Data docs here.