Parsing Regex Multi from Nested JSON Array Blobs

Follow
Avatar
Adam Dawson
  • Edited

Hey Community!

I was wondering if anyone can help me. I am looking for assistance on parsing regex using multi parsing operator (I think is my best shout here)

I am looking to parse the associated value of key "First_Discovered_Datetime", "X" (in this example) which is a Unix Epoch time integer.

Within a raw format, I have the following example of an Array Greater-List with common values (this will be dynamic, depending on the number of asset's the user has, but in this case my example is 5 assets - The array has 7 * Key/Value Pairs):

"User\u0027s Assets": [{"Asset_Name": "X", "Asset_Type": "X", "First_Discovered_Datetime": X, "Last_Discovered_Datetime": X, "OS": X, "Source": ["X"], "Source_User_Name": ["X"]}, [{"Asset_Name": "X", "Asset_Type": "X", "First_Discovered_Datetime": X, "Last_Discovered_Datetime": X, "OS": X, "Source": ["X"], "Source_User_Name": ["X"]}, [{"Asset_Name": "X", "Asset_Type": "X", "First_Discovered_Datetime": X, "Last_Discovered_Datetime": X, "OS": X, "Source": ["X"], "Source_User_Name": ["X"]}, [{"Asset_Name": "X", "Asset_Type": "X", "First_Discovered_Datetime": X, "Last_Discovered_Datetime": X, "OS": X, "Source": ["X"], "Source_User_Name": ["X"]}, [{"Asset_Name": "X", "Asset_Type": "X", "First_Discovered_Datetime": X, "Last_Discovered_Datetime": X, "OS": X, "Source": ["X"], "Source_User_Name": ["X"]}

My problem is, that note how the Array List Header is called ""User\u0027s Assets":". The same key:value naming pair "First_Discovered_Datetime":<EPOCH> is present elsewhere within the entire raw message (I only included the Array as part of the entire message - Which is HUGE)

Can anyone suggest an approach for me to parse regex of the "First_Discovered_Datetime" Epoch Integer, only from ""User\u0027s Assets":" and not the rest of the message? ... I assume the Parse Multi operator is the best way forward so I can dynamically grab all of these values from the log message?

I hope all of the above makes sense and appreciate anyone's help!

TYIA, Ads

0

Comments

0 comments

Please sign in to leave a comment.

Didn't find what you were looking for?

New post