Nested JSON Parsing and SPATH

praneethnagu143 — Tue, 29 Sep 2020 23:44:21 GMT

I am trying to add the JSON file onto splunk. The file is not getting added effectively. I am attaching a brief of my JSON document. Help me with this.

This is a part of my JSON response:

"assigned_to": null,
"assigned_to_username": null,
"comments": {
"comments": [
{
"comment": "Closed as helpful",
"time": "2019-02-19T07:48:28.647509+00:00",
"user": ""
},
{
"comment": "Updated by 1 observations",
"time": "2019-02-14T05:06:31.980100+00:00",
"user": null
}
],
"count": 2,
"text": "2 comments"
},
"created": "2019-02-13T07:31:38Z",
"description": "The AWS API has been accessed from a remote host in a country that doesn't normally access the API. For example, creating an IAM role from an unusual foreign IP would trigger this alert.",
"hostname": null,
"id": 133,
"ips_when_created": [],
"last_modified": "2019-02-14T05:06:31.946168Z",
"merit": 8,
"natural_time": "1 month ago",
"new_comment": null,
"obj_created": "2019-02-13T08:06:14.549476Z",
"observations": [
6557,
6559,
6947
],
"priority": 20,
"publish_time": "2019-02-13T08:06:14.486725+00:00",
"resolved": true,
"resolved_time": "2019-02-19T07:48:28.628199Z",
"resolved_user": {
"id": 2,
"is_superuser": false,
"username": ""
},
"rules_matched": null,
"snooze_settings": null,
"source": 20,
"source_info": {
"created": "2019-01-22T00:15:33.086690+00:00",
"name": "(Amazon Web Services) 774913163797\root"
},
"source_name": "(Amazon Web Services) 774913163797\root",
"source_params": {
"authority": "Amazon Web Services",
"domain": "774913163797",
"id": 1,
"meta": "user",
"source": 19,
"user_source_id": 20,
"user_type": 0,
"username": "root"
},
"tags": [],
"text": "Geographically Unusual AWS API Usage on (Amazon Web Services) 774913163797\root\nhttps://cisco-nalfarda.obsrvbl.com/#/alerts/133",
"time": "2019-02-14T04:31:55Z",
"type": "Geographically Unusual AWS API Usage"
},
{
"assigned_to": null,
"assigned_to_username": null,
"comments": {
"comments": [
{
"comment": "Automatically closed. See Alert settings to modify whitelists and priorities.",
"time": "2019-01-25T10:31:00.019918+00:00",
"user": null
}
],
"count": 1,
"text": "1 comment"
},
"created": "2019-01-25T09:00:00Z",
"description": "Source has many failed access attempts from an external device. For example, a remote device trying repeatedly to access an internal server using SSH or Telnet would trigger this alert.",
"hostname": "i-084c971e032f292a1",
"id": 67,
"ips_when_created": [],
"last_modified": "2019-01-25T10:30:59.938043Z",
"merit": 5,
"natural_time": "1 month, 3 weeks ago",
"new_comment": null,
"obj_created": "2019-01-25T10:30:59.967304Z",
"observations": [
1126
],
"priority": 10,
"publish_time": "2019-01-25T10:30:59.934696+00:00",
"resolved": true,
"resolved_time": "2019-01-25T10:30:59.938043Z",
"resolved_user": null,
"rules_matched": null,
"snooze_settings": null,
"source": 15,
"source_info": {
"created": "2019-01-21T23:30:48.363367+00:00",
"hostnames": [],
"ips": [],
"name": "i-084c971e032f292a1",
"namespace": "awsv2:774913163797:us-west-2:vpc-0fe50f76"
},
"source_name": "i-084c971e032f292a1",
"source_params": {
"id": 15,
"meta": "net-link",
"name": "i-084c971e032f292a1"
},
"tags": [],
"text": "Excessive Access Attempts (External) on i-084c971e032f292a1\nhttps://cisco-nalfarda.obsrvbl.com/#/alerts/67",
"time": "2019-01-25T09:00:00Z",
"type": "Excessive Access Attempts (External)"
}

topic Nested JSON Parsing and SPATH in Getting Data In

Nested JSON Parsing and SPATH