web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / Filtering through an a...
Power Automate
Answered

Filtering through an array of objects

(0) ShareShare
ReportReport
Posted on by mikraphne 46
So, I have been working on setting it up so that my user reported emails go to from KnowBe4 to a webhook, where it sends a JSON over to my Logic App. I have figured out how to use this data to open tickets in my ticketing software. However, I am constructing the second app that will be used to close the ticket, and I am not sure how to grab the data that I need. In the JSON below, there is an array that has a bunch of objects in them, and I am looking to have it so that the Logic App can find the object that has "trigger_type": "User", then goes into that object and finds the "trigger_name": "Closer Name". For all automated tasks, the trigger_type is null and the trigger_name is null. However, when someone manually closes the ticket, it pops a trigger_type of "User", and in that same object, it shows the "trigger_name" with the user's name that closed the ticket.
If I can get that user name into a Compose or variable, I should have no issues getting the ticket closed in our ticketing software on their behalf, but I this filtering of this array is a little outside of my knowledge. If anyone knows a good way of going under that history array and grabbing what I need, I would be thrilled to see how to do it!
 
Sorry for the massive JSON here. I just figured it might be better if someone was able to use the entire thing, as opposed to just the "history" section.
 

 

{
 "body": {
 "headers": [
 {
 "sha1": "1c3dcbc5a9",
 "headers": [
 {
 "From": "domainname Automated Notification System <ivcom>"
 },
 {
 "Subject": "Completed: Complete viaSign: #2 -domainname - Friday, February 23, 2024"
 },
 {
 "To": " <@domainname.com>"
 },
 {
 "Content-Type": "multipart/mixed; boundary=\"----sinikael-?=_1-17087150419670.9288702915236632\""
 },
 {
 "Content-Transfer-Encoding": "7bit"
 }
 ],
 "filename": "rawHeaders.txt",
 "byte_size": 7396,
 "mime_type": "text/plain",
 "md5": "d624ae7cbef7"
 }
 ],
 "addresses": {
 "cc": "",
 "reply_to": "",
 "reported_by": "@domainname.com",
 "from": "ivm",
 "to": [
 "@domainname.com"
 ]
 },
 "links": [
 "https://trad5b6b8&id=6b7205781d",
 "http://domainname.com"
 ],
 "phishml": {
 "confidence_spam": "0.002280122367665171",
 "confidence_clean": "0.00008148026972776279",
 "category": "threat",
 "confidence_threat": "0.9976683855056763"
 },
 "history": [
 {
 "date": "2024-02-23T14:15:46-05:00",
 "trigger_name": null,
 "causer_type": "Action",
 "event_type": "other",
 "trigger_type": null,
 "events": {
 "phishrip_completed": {
 "queried_fields": [
 "from",
 "subject"
 ],
 "read": "0",
 "time_range": {
 "start_time": "2024-02-22T14:10:25-05:00",
 "end_time": "2024-02-23 19:10:25 +0000"
 },
 "quarantine": "true",
 "id": "8de87290-5ae1-41de-9f31-a75821972172",
 "results": "0",
 "users": "0",
 "status": "complete"
 }
 },
 "causer_name": "Threat Email Notification for Reporter"
 },
 {
 "date": "2024-02-23T14:10:31-05:00",
 "trigger_name": null,
 "causer_type": "Action",
 "event_type": "other",
 "trigger_type": null,
 "events": {
 "phishrip_started": {
 "queried_fields": [
 "from",
 "subject"
 ],
 "time_range": {
 "start_time": "2024-02-22T14:10:25-05:00",
 "end_time": "2024-02-23 19:10:25 +0000"
 },
 "quarantine": "true",
 "id": "8de87290-5ae1-41de-9f31-a75821972172",
 "status": "processing"
 }
 },
 "causer_name": "Threat Email Notification for Reporter"
 },
 {
 "date": "2024-02-23T14:10:25-05:00",
 "trigger_name": "Closer Name",
 "causer_type": "Action",
 "event_type": "other",
 "trigger_type": "User",
 "events": {
 "emails": [
 {
 "action_email_id": "c4ba53c9-8932-40a7-a347-f0cb74d04f15",
 "to": [
 "@domainname.com"
 ],
 "email": "Threat Email Notification for Reporter",
 "status": null
 }
 ],
 "changed_fields": {
 "action_status": [
 "received",
 "resolved"
 ]
 }
 },
 "causer_name": "Threat Email Notification for Reporter"
 },
 {
 "date": "2024-02-23T14:07:39-05:00",
 "trigger_name": null,
 "causer_type": "User",
 "event_type": "other",
 "trigger_type": null,
 "events": {
 "changed_fields": {
 "viewed": [
 false,
 true
 ]
 }
 },
 "causer_name": "Name Here"
 },
 {
 "date": "2024-02-23T14:06:06-05:00",
 "trigger_name": null,
 "causer_type": "Action",
 "event_type": "other",
 "trigger_type": null,
 "events": {
 "emails": [
 {
 "action_email_id": "0ebd75cc-23ea-4f91-8459-023f81e6c891",
 "to": [
 "@domainname.com",
 "@domainname.com",
 "@domainname.com",
 "@domainname.com",
 "@domainname.com"
 ],
 "email": "Threat Email Notification for Admin",
 "status": null
 }
 ],
 "tags": {
 "added": [
 "MANUAL"
 ]
 },
 "changed_fields": {
 "severity": [
 "unknown_severity",
 "critical"
 ],
 "category": [
 "unknown",
 "threat"
 ]
 }
 },
 "causer_name": "Threat Notification for Admin"
 },
 {
 "date": "2024-02-23T14:05:56-05:00",
 "trigger_name": null,
 "causer_type": null,
 "event_type": "other",
 "trigger_type": null,
 "events": {
 "changed_fields": {
 "pipeline_status": [
 "processing",
 "processed"
 ]
 }
 },
 "causer_name": null
 },
 {
 "date": "2024-02-23T14:05:38-05:00",
 "trigger_name": null,
 "causer_type": "Integrations::Virustotal::Report",
 "event_type": "other",
 "trigger_type": null,
 "events": {
 "report": {
 "name": "VirusTotal",
 "results": [
 {
 "field": "url",
 "value": "domainname.com"
 },
 {
 "field": "scanned",
 "value": 89
 },
 {
 "field": "positives",
 "value": 0
 },
 {
 "field": "scan_date",
 "value": "2023-04-19 08:27:24 UTC"
 },
 {
 "field": "permalink",
 "value": "https://www.virustotn/u-5169a4f97145c6a3572aba5ffaa180763a37e9c7bb0f62babe950a6f53fe63a4-1681892844"
 }
 ]
 },
 "tags": {
 "removed": [
 "VT_PENDING"
 ],
 "added": [
 "VT_SCANNED"
 ]
 }
 },
 "causer_name": "VirusTotal"
 },
 {
 "date": "2024-02-23T14:05:28-05:00",
 "trigger_name": null,
 "causer_type": "Integrations::Virustotal::Report",
 "event_type": "other",
 "trigger_type": null,
 "events": {
 "report": {
 "name": "VirusTotal",
 "results": [
 {
 "field": "url",
 "value": "https://nam11.eserved=0"
 },
 {
 "field": "scanned",
 "value": 91
 },
 {
 "field": "positives",
 "value": 0
 },
 {
 "field": "scan_date",
 "value": "2024-02-23 18:54:09 UTC"
 },
 {
 "field": "permalink",
 "value": "https://wwaa14449"
 }
 ]
 }
 },
 "causer_name": "VirusTotal"
 },
 {
 "date": "2024-02-23T14:05:16-05:00",
 "trigger_name": null,
 "causer_type": "Integrations::PhishMl::Report",
 "event_type": "other",
 "trigger_type": null,
 "events": {
 "report": {
 "name": "Phish ML",
 "results": [
 {
 "field": "clean",
 "value": "0.01"
 },
 {
 "field": "spam",
 "value": "0.23"
 },
 {
 "field": "threat",
 "value": "99.77"
 }
 ]
 },
 "tags": {
 "added": [
 "PML:THREAT"
 ]
 }
 },
 "causer_name": "Phish ML"
 },
 {
 "date": "2024-02-23T14:05:16-05:00",
 "trigger_name": null,
 "causer_type": "Rule",
 "event_type": "other",
 "trigger_type": null,
 "events": {
 "tags": {
 "added": [
 "KB4:SPF_PASS"
 ]
 }
 },
 "causer_name": "KB4:DKIM_PASS"
 },
 {
 "date": "2024-02-23T14:05:04-05:00",
 "trigger_name": null,
 "causer_type": null,
 "event_type": "other",
 "trigger_type": null,
 "events": {
 "message_link": {
 "item_id": "66cedbe1-c413-4230-ae7e-c3d639b79a9d",
 "item_type": "MessageLink",
 "performed_action": "virus_total",
 "name": "https://t8d5b6b8&id=6b7205781d"
 }
 },
 "causer_name": null
 },
 {
 "date": "2024-02-23T14:05:04-05:00",
 "trigger_name": null,
 "causer_type": null,
 "event_type": "other",
 "trigger_type": null,
 "events": {
 "message_link": {
 "item_id": "3530e872-7fa4-4d12-b597-1a2577c7b44d",
 "item_type": "MessageLink",
 "performed_action": "virus_total",
 "name": "http://domainname.com"
 }
 },
 "causer_name": null
 },
 {
 "date": "2024-02-23T14:04:35-05:00",
 "trigger_name": null,
 "causer_type": null,
 "event_type": "created",
 "trigger_type": null,
 "events": null,
 "causer_name": null
 }
 ],
 "bad_links": [],
 "tags": [
 "FAILURE_TAG",
 "SUCCESS_TAG",
 "MANUAL",
 "VT_SCANNED",
 "KB4:SPF_PASS",
 "KB4:DKIM_PASS",
 "PML:THREAT"
 ]
 }
}

 

Categories:
Building flows
I have the same question (0)
  • v-yueyun-msft Profile Picture
    v-yueyun-msft Microsoft Employee on at

    Hi , @mikraphne 

    According to your description, you want to filter the [trigger_name]="Closer Name" && [trigger_type]="User", in your sample json, it just one object meet the condition:

    vyueyunmsft_0-1708918755462.png

    Sorry for that i an not surely understand which field you want to get in this object. Can you give me your end result you want to get in your side from your sample json?

     

    Best Regards,

    Yueyun Zhang

     

  • mikraphne Profile Picture
    mikraphne 46 on at

    Yes, there should just be one instance of [trigger_type]="User", which separates it from the other objects inside of the array (since they are all null when KnowBe4 automation runs a task). I just want it to find the object containing "User", then go up and record  the "CLOSER NAME" to a variable or a Compose action that I can use. That should contain a real person's name that I can then go off of to close the ticket.

  • Verified answer
    v-yueyun-msft Profile Picture
    v-yueyun-msft Microsoft Employee on at

    Hi, @mikraphne 

    Thanks for your response ! This is my test flow . The Compose action is used to create your sample json.

    vyueyunmsft_0-1708924542865.png

    This is my flow:

    vyueyunmsft_1-1708924590873.png

    outputs('Compose')?['body']?['history']
     
    item()?['trigger_type']
     
    xpath( xml(json(concat('{"root":{"item":',body('Filter_array'),'}}'))) , '/root/item/trigger_name/text()')
     

    Best Regards,

    Yueyun Zhang

  • mikraphne Profile Picture
    mikraphne 46 on at

    Thank you so much! I have had this in place for a week with multiple people in as the ticket closer, and it has worked perfectly! I would have NEVER come up with that function on my own, so many thanks!

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Haque Profile Picture

Haque 594

#2
Valantis Profile Picture

Valantis 328

#3
David_MA Profile Picture

David_MA 281 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Share your ideas and struggles with building Power Automate flows!
Survey: Power Automate mobile app
How to Ask for Help with Your Power Automate Workflow
Flows are not visible for users who sign in with their personal accounts
Start and wait for an approval action
Restore a deleted flow
List of actions cheat sheet for Power Automate Desktop
Question for everyone : How are you using Create Text GPT in AI Builder?
Welcome to the Power Automate forum!

Product updates

Microsoft Power Platform Community release plans