I've started pulling in Okta System log into ElasticSearch using this plugin:
I have all that working and now I've been creating a template so that fields are getting formatted correctly. What I'm struggling with is how to handle this field called "target":
{
"type": "AppInstance",
"id": "1111",
"displayName": "webapp",
"alternateId": "webapp",
"detailEntry": {
"signOnModeType": "SAML_2_0"
}
},
{
"type": "AppUser",
"id": "0000",
"displayName": "Full Name",
"alternateId": "email",
"detailEntry": null
}