From e53e4dafaa2e30684ba191643cb48ff9db0fcdd0 Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Mon, 14 Oct 2024 19:24:06 +0900
Subject: [PATCH] fix: output agg result string when allfieldinfo profile

---
 src/detections/message.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/detections/message.rs b/src/detections/message.rs
index 025b20ffa..e23b79e0e 100644
--- a/src/detections/message.rs
+++ b/src/detections/message.rs
@@ -185,6 +185,12 @@ pub fn create_message(
 key.to_owned(),
 AllFieldInfo(detect_info.detail.clone().into()),
 ));
+ if is_json_timeline {
+ record_details_info_map.insert(
+ "#AllFieldInfo".into(),
+ vec![CompactString::new(detect_info.detail.clone())],
+ );
+ }
 } else {
 let recinfos = if let Some(c) = record_details_info_map.get("#AllFieldInfo") {
 c.to_owned()
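Review bot: The added `vec![CompactString::new(detect_info.detail.clone())]` clones `detect_info.detail` a second time right after the clone on the `AllFieldInfo(...)` line above has already produced an owned copy; `CompactString::new` accepts any `impl AsRef<str>`, so if `detail` is a string-like type the line can be `vec![CompactString::new(&detect_info.detail)],` with no extra allocation. `HashMap::insert` also silently replaces whatever was already stored under `"#AllFieldInfo"`, and the `else` branch reads that same key from `record_details_info_map`, so it is worth confirming that overwriting an entry the record itself may have carried is the intended result rather than appending to it. A short why-comment above the guard would help the next reader, e.g. `// For the JSON timeline the aggregation detail is rendered from record_details_info_map, so mirror it there as well` (hedged: inferred from the commit subject, not visible in the hunk). `create_message` begins before and continues after this hunk.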