Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to compare json file and find the difference in log file?

karthi2809
Builder
‎05-31-2022 09:41 AM

How to compare difference in the json file. If there is no difference we are good. But in my case i need to find compare N_aaa and A_aaa and find out the difference 

N_aaa

A_aaa

{
"AAA": {
"modified_files": [

"a/D:\\\\splunk\\\\Repos\\\\Wed\\\\N_aaa/aaa/pack-672b2efd6aada12ecfc8d1745f805706f43902f4.idx",
"a/D:\\\\splunk\\\\Repos\\\\Wed\\\\N_aaa/aaa/pack-672b2efd6aada12ecfc8d1745f805706f43902f4.pack",
"a/D:\\\\splunk\\\\Repos\\\\Wed\\\\A_aaa/aaa/objects/pack/pack-8a069e643d668a0715f82a237b44f1554535719f.idx",
"a/D:\\\\splunk\\\\Repos\\\\Wed\\\\A_aaa/aaa/objects/pack/pack-8a069e643d668a0715f82a237b44f1554535719f.pack"
]
}
}

Labels (3)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-31-2022 10:46 AM

What is the expected output?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

karthi2809
Builder
‎06-23-2022 12:52 AM

 

{
  "CODE": {
    "modified_files": [
      "a/D:\\\\splunk_code_replication\\\\AAA_CODE/.git/HEAD", 
      "a/D:\\\\splunk_code_replication\\\\AAA_CODE/.git/config", 
      "a/D:\\\\splunk_code_replication\\\\BBB_CODE/.git/index", 
	  "a/D:\\\\splunk_code_replication\\\\BBB_CODE/.git/config",
	  "a/D:\\\\splunk_code_replication\\\\AAA_CODE/.git/logs/refs/heads/master",
	  "a/D:\\\\splunk_code_replication\\\\AAA_CODE/.git/version.json"
	  ]
	  }
	}
	{
  "TOOlKIT": {
    "modified_files": [
      "a/D:\\\\splunk_code_replication\\\\AAA_TOOLKIT/.git/HEAD", 
      "a/D:\\\\splunk_code_replication\\\\AAA_TOOLKIT/.git/config", 
      "a/D:\\\\splunk_code_replication\\\\BBB_TOOLKIT/.git/index", 
	  "a/D:\\\\splunk_code_replication\\\\BBB_TOOLKIT/.git/config",
	  "a/D:\\\\splunk_code_replication\\\\AAA_TOOLKIT/.git/logs/refs/heads/master", 
	  ]
	}
}

 

@richgalloway Above events is in splunk .We have two repos in git 1. AAA 2.BBB.When ever the repos will replicate and both repos should be same file. But in my case after replicate both repos files are missing so i should compare the files and whare are the files is missing and send an alert as difference in repos.

INTERESTING FIELDS:

CODE.Modified_files{}

TOOLKIT.Modified_files{}

 

Expected output after comparing:

CODE.Modified_files{}

"a/D:\\\\splunk_code_replication\\\\AAA_CODE/.git/logs/refs/heads/master",
"a/D:\\\\splunk_code_replication\\\\AAA_CODE/.git/version.json"

These files are only present in AAA repo but not in BBB. So we need compare both AAA and BBB missing files. As per the event and show the difference.

 

Tags (2)
0 Karma
Reply

karthi2809
Builder
‎05-31-2022 04:31 PM

We comparing two git repos files(N_aaa,A_aaa). Both N_aaa and A_aaa file should be common. In case of any difference in the file should say as difference in the file

"a/D:\\\\splunk\\\\Repos\\\\Wed\\\\N_aaa/aaa/pack-672b2efd6aada12ecfc8d1745f805706f43902f4.idx",

"a/D:\\\\splunk\\\\Repos\\\\Wed\\\\A_aaa/aaa/objects/pack/pack-8a069e643d668a0715f82a237b44f1554535719f.idx",


"a/D:\\\\splunk\\\\Repos\\\\Wed\\\\N_aaa/aaa/pack-672b2efd6aada12ecfc8d1745f805706f43902f4.pack",

"a/D:\\\\splunk\\\\Repos\\\\Wed\\\\A_aaa/aaa/objects/pack/pack-8a069e643d668a0715f82a237b44f1554535719f.pack"

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-01-2022 05:12 AM

To me, the desired output looks like a stripped-down version of the input.  You can do that using spath and mvexpand.

| spath | mvexpand "AAA.modified_files{}"

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-31-2022 09:49 PM

Is Splunk the right tool for this? Perhaps you should be using something else to do the file comparison? You could then feed the logs from the output of the comparison to Splunk for it to monitor and report on?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...