JSON line breaking- How do I get rid of the ]?

chandvit · ‎08-04-2022

Hi Team I have a JSON file as below :-

[{"entityId":null,"entityType":"Account.AccountRequest","accessedByUser":"jinghui@bullish.treasurygo.com","milestone":"Approval","comment":"Bank Account Manager approved this request. Comments: ","commentType":"MilestoneApproval","when":"2022-07-26T06:10:43.91Z","id":30},{"entityId":null,"entityType":"Account.AccountRequest","accessedByUser":"jinghui@bullish.treasurygo.com","milestone":"Approval","comment":"Bank Account Manager approved this request. Comments: ","commentType":"MilestoneApproval","when":"2022-07-26T06:10:43.91Z","id":30},{"entityId":null,"entityType":"Account.AccountRequest","accessedByUser":"jinghui@bullish.treasurygo.com","milestone":"A task was completed","comment":"Prepare SAP Config Docs","commentType":"MilestoneGeneric","when":"2022-07-26T06:10:43.907Z","id":29},{"entityId":null,"entityType":"Account.AccountRequest","accessedByUser":"jinghui@bullish.treasurygo.com","milestone":"A task was completed","comment":"Prepare SAP Config Docs","commentType":"MilestoneGeneric","when":"2022-07-26T06:10:43.907Z","id":29}]

I am using the pattern while testing and reviewing the events :-
(\[|,|\]){

This breaks everything fine but the last line which has the closing ]

How to get rid of the ] at the end of the JSON array?

Kindly request you'll to guide me.Many thanks in anticipation.

richgalloway · ‎08-04-2022

Use SEDCMD to remove the unwanted character.

SEDCMD-rmbracket = s/\]$//

---
If this reply helps you, Karma would be appreciated.

JSON line breaking- How do I get rid of the ]?

heavy forwarder

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All