1. ホーム
  2. 質問と答え
  3. JSONイベント間でカンマを削除

JSONイベント間でカンマを削除

2017-03-20 9 views
0

Splunkにページの内容をイベントに分解させてもらうことを望んでいましたが、できません。私はイベントの間にあるコンマを捨てようとしていますが、うまくいきません。 、これはJSONイベント間でカンマを削除

"last_updated":"2017-02-28T17:56:19Z"},{"id":588699,"name":null,...

に来てJSONの一部であり、これは私がbarmarをして助けたことをスクリプトでループのための私の外に置かれている

sed -e "s/},{/}+{/" -e "s/}[^}]*$/}/" secunia.txt | tr "+" "\n"

をしようとしているsedのラインであります,を引き出すのではありません。私は何が欠けていますか?

ここ

は、データの一部です:

{"id":588699,"name":null,"status":{"id":2963,"name":"Handled"},"priority":{"id":2873,"name":"Urgent"},"queue":{"id":2144,"name":"Default"},"description":null,"assigned_to":{"id":4120,"username":"[email protected]"},"asset_list":{"id":4777,"name":"Info Security Threat_Splunk"},"advisory":{"id":199003,"advisory_identifier":"SA74447","title":"Blue Coat Security Analytics Multiple Vulnerabilities","released":"2016-12-21T15:24:53Z","modified_date":"2016-12-21T15:24:53Z","criticality":2,"criticality_description":"Highly critical","solution_status":4,"solution_status_description":"Partial Fix","where":1,"where_description":"From remote","cvss_score":10.0,"cvss_vector":"(AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:TF/RC:C)","type":0,"is_zero_day":false},"created":"2016-12-21T15:33:09Z","pretty_id":79,"custom_score":null,"last_updated":"2016-12-21T15:40:28Z"},{"id":584252,"name":null,"status":{"id":2963,"name":"Handled"},"priority":{"id":2873,"name":"Urgent"},"queue":{"id":2144,"name":"Default"},"description":null,"assigned_to":{"id":4118,"username":"[email protected]"},"asset_list":{"id":4657,"name":"PSS Middleware Environment"},"advisory":{"id":195840,"advisory_identifier":"SA73221","title":"Oracle Solaris Multiple Third Party Components Multiple Vulnerabilities","released":"2016-10-19T14:20:02Z","modified_date":"2016-12-19T14:42:30Z","criticality":2,"criticality_description":"Highly critical","solution_status":2,"solution_status_description":"Vendor Patched","where":1,"where_description":"From remote","cvss_score":10.0,"cvss_vector":"(AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)","type":0,"is_zero_day":false},"created":"2016-12-20T13:43:24Z","pretty_id":76,"custom_score":null,"last_updated":"2017-01-11T19:47:09Z"}

出典

2017-03-20 manderson

+0

プレフィックス4つの空白を使用してコード。 [edit-help](http://stackoverflow.com/editing-help)を見てください。 – Cyrus

+0

もっと良いですか?私は次の行にテキストを移動し、これを明らかに入力しなければなりません。 – manderson

+2

最初にJSONの解析に 'sed'を使うべきではありません。 'jq'のような適切なパーサを使用してください。 – chepner

答えて

0

は、このコマンドを試してみてください -

sed -e "s/,//g" -e "s/}{/}\n{/" -e "s/}[^}]*$/}/" f

出典

2017-03-20 20:45:21

0

イベントセパレータは、ここで働くの交換、これはそれが他の場所での入力では発生しません想定しています。

sed 's/},{/}\n{/' secunia.txt | jq -s .

またはポータブルsedと::たとえば

sed 's/},{/}\ 
{/' secunia.txt | jq -s .

出力:

[ 
    { 
    "id": 588699, 
    "name": null, 
    "status": { 
     "id": 2963, 
     "name": "Handled" 
    }, 
    "priority": { 
     "id": 2873, 
     "name": "Urgent" 
    }, 
    "queue": { 
     "id": 2144, 
     "name": "Default" 
    }, 
    "description": null, 
    "assigned_to": { 
     "id": 4120, 
     "username": "[email protected]" 
    }, 
    "asset_list": { 
     "id": 4777, 
     "name": "Info Security Threat_Splunk" 
    }, 
    "advisory": { 
     "id": 199003, 
     "advisory_identifier": "SA74447", 
     "title": "Blue Coat Security Analytics Multiple Vulnerabilities", 
     "released": "2016-12-21T15:24:53Z", 
     "modified_date": "2016-12-21T15:24:53Z", 
     "criticality": 2, 
     "criticality_description": "Highly critical", 
     "solution_status": 4, 
     "solution_status_description": "Partial Fix", 
     "where": 1, 
     "where_description": "From remote", 
     "cvss_score": 10, 
     "cvss_vector": "(AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:TF/RC:C)", 
     "type": 0, 
     "is_zero_day": false 
    }, 
    "created": "2016-12-21T15:33:09Z", 
    "pretty_id": 79, 
    "custom_score": null, 
    "last_updated": "2016-12-21T15:40:28Z" 
    }, 
    { 
    "id": 584252, 
    "name": null, 
    "status": { 
     "id": 2963, 
     "name": "Handled" 
    }, 
    "priority": { 
     "id": 2873, 
     "name": "Urgent" 
    }, 
    "queue": { 
     "id": 2144, 
     "name": "Default" 
    }, 
    "description": null, 
    "assigned_to": { 
     "id": 4118, 
     "username": "[email protected]" 
    }, 
    "asset_list": { 
     "id": 4657, 
     "name": "PSS Middleware Environment" 
    }, 
    "advisory": { 
     "id": 195840, 
     "advisory_identifier": "SA73221", 
     "title": "Oracle Solaris Multiple Third Party Components Multiple Vulnerabilities", 
     "released": "2016-10-19T14:20:02Z", 
     "modified_date": "2016-12-19T14:42:30Z", 
     "criticality": 2, 
     "criticality_description": "Highly critical", 
     "solution_status": 2, 
     "solution_status_description": "Vendor Patched", 
     "where": 1, 
     "where_description": "From remote", 
     "cvss_score": 10, 
     "cvss_vector": "(AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)", 
     "type": 0, 
     "is_zero_day": false 
    }, 
    "created": "2016-12-20T13:43:24Z", 
    "pretty_id": 76, 
    "custom_score": null, 
    "last_updated": "2017-01-11T19:47:09Z" 
    } 
]

出典

2017-04-25 15:14:21 Thor

関連する問題

 関連する問題