Parsing Regex Multi from Nested JSON Array Blobs
Hey Community!
I was wondering if anyone can help me. I am looking for assistance with parsing regex using the multi parsing operator (I think it is my best shout here).
I am looking to parse the associated value of key "First_Discovered_Datetime", "X" (in this example) which is a Unix Epoch time integer.
Within a raw format, I have the following example of an Array Greater-List with common values (this will be dynamic, depending on the number of assets the user has, but in this case my example is 5 assets - the array has 7 * Key/Value Pairs):
"User\u0027s Assets": [{"Asset_Name": "X", "Asset_Type": "X", "First_Discovered_Datetime": X, "Last_Discovered_Datetime": X, "OS": X, "Source": ["X"], "Source_User_Name": ["X"]}, [{"Asset_Name": "X", "Asset_Type": "X", "First_Discovered_Datetime": X, "Last_Discovered_Datetime": X, "OS": X, "Source": ["X"], "Source_User_Name": ["X"]}, [{"Asset_Name": "X", "Asset_Type": "X", "First_Discovered_Datetime": X, "Last_Discovered_Datetime": X, "OS": X, "Source": ["X"], "Source_User_Name": ["X"]}, [{"Asset_Name": "X", "Asset_Type": "X", "First_Discovered_Datetime": X, "Last_Discovered_Datetime": X, "OS": X, "Source": ["X"], "Source_User_Name": ["X"]}, [{"Asset_Name": "X", "Asset_Type": "X", "First_Discovered_Datetime": X, "Last_Discovered_Datetime": X, "OS": X, "Source": ["X"], "Source_User_Name": ["X"]}
My problem is this: note how the Array List Header is called ""User\u0027s Assets":". The same key:value naming pair "First_Discovered_Datetime":<EPOCH> is present elsewhere within the entire raw message (I only included the Array as part of the entire message, which is HUGE).
Can anyone suggest an approach for me to parse regex of the "First_Discovered_Datetime" Epoch Integer, only from ""User\u0027s Assets":" and not the rest of the message? ... I assume the Parse Multi operator is the best way forward so I can dynamically grab all of these values from the log message?
I hope all of the above makes sense and appreciate anyone's help!
TYIA, Ads
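
One way to scope the extraction asked about above, shown in Python as an added example that is not part of the original post: locate the literal `"User\u0027s Assets":` key, walk the brackets to the end of that array only, then collect every "First_Discovered_Datetime" value inside it. The function names and the sample message are constructed for illustration.

```python
import re

# Raw string: the log text holds the literal escape sequence \u0027, not an apostrophe.
KEY = r'"User\u0027s Assets":'
FIRST_SEEN = re.compile(r'"First_Discovered_Datetime":\s*(\d+)')

def slice_array(raw, key=KEY):
    """Return the text of the JSON array that directly follows `key`, or None."""
    start = raw.find(key)
    if start == -1:
        return None
    open_at = raw.find("[", start + len(key))
    # Only whitespace may sit between the key and its opening bracket.
    if open_at == -1 or raw[start + len(key):open_at].strip():
        return None
    depth, in_string, escaped = 0, False, False
    for i in range(open_at, len(raw)):
        ch = raw[i]
        if in_string:                      # brackets inside strings do not count
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch == "[":                    # nested arrays such as "Source": ["X"]
            depth += 1
        elif ch == "]":
            depth -= 1
            if depth == 0:
                return raw[open_at:i + 1]
    return None                            # array never closed (truncated message)

def first_discovered(raw):
    """All epoch values found inside the scoped array, in order of appearance."""
    block = slice_array(raw)
    return [int(v) for v in FIRST_SEEN.findall(block)] if block else []

# Constructed sample: the same key also appears before and after the array.
SAMPLE = (
    r'{"Device": {"First_Discovered_Datetime": 1500000000}, '
    r'"User\u0027s Assets": ['
    r'{"Asset_Name": "a]1", "First_Discovered_Datetime": 1600000001, "Source": ["s1"]}, '
    r'{"Asset_Name": "a2", "First_Discovered_Datetime": 1600000002, "Source": ["s2"]}], '
    r'"Other": {"First_Discovered_Datetime": 1700000000}}'
)

if __name__ == "__main__":
    print(first_discovered(SAMPLE))
```

The same two-step scoping carries over to a log query: isolate the array into its own field first, then run the multi-match regex against that field only.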