
Nested JSON Parsing and SPATH

I am trying to add a JSON file to Splunk, but the file is not being added correctly. I am including a brief excerpt of my JSON document below. Please help me with this.

This is a part of my JSON response:

"assignedto": null,
"assigned
tousername": null,
"comments": {
"comments": [
{
"comment": "Closed as helpful",
"time": "2019-02-19T07:48:28.647509+00:00",
"user": ""
},
{
"comment": "Updated by 1 observations",
"time": "2019-02-14T05:06:31.980100+00:00",
"user": null
}
],
"count": 2,
"text": "2 comments"
},
"created": "2019-02-13T07:31:38Z",
"description": "The AWS API has been accessed from a remote host in a country that doesn't normally access the API. For example, creating an IAM role from an unusual foreign IP would trigger this alert.",
"hostname": null,
"id": 133,
"ips
whencreated": [],
"last
modified": "2019-02-14T05:06:31.946168Z",
"merit": 8,
"naturaltime": "1 month ago",
"new
comment": null,
"objcreated": "2019-02-13T08:06:14.549476Z",
"observations": [
6557,
6559,
6947
],
"priority": 20,
"publish
time": "2019-02-13T08:06:14.486725+00:00",
"resolved": true,
"resolvedtime": "2019-02-19T07:48:28.628199Z",
"resolved
user": {
"id": 2,
"issuperuser": false,
"username": ""
},
"rules
matched": null,
"snoozesettings": null,
"source": 20,
"source
info": {
"created": "2019-01-22T00:15:33.086690+00:00",
"name": "(Amazon Web Services) 774913163797\root"
},
"sourcename": "(Amazon Web Services) 774913163797\root",
"source
params": {
"authority": "Amazon Web Services",
"domain": "774913163797",
"id": 1,
"meta": "user",
"source": 19,
"usersourceid": 20,
"usertype": 0,
"username": "root"
},
"tags": [],
"text": "Geographically Unusual AWS API Usage on (Amazon Web Services) 774913163797\root\nhttps://cisco-nalfarda.obsrvbl.com/#/alerts/133",
"time": "2019-02-14T04:31:55Z",
"type": "Geographically Unusual AWS API Usage"
},
{
"assigned
to": null,
"assignedtousername": null,
"comments": {
"comments": [
{
"comment": "Automatically closed. See Alert settings to modify whitelists and priorities.",
"time": "2019-01-25T10:31:00.019918+00:00",
"user": null
}
],
"count": 1,
"text": "1 comment"
},
"created": "2019-01-25T09:00:00Z",
"description": "Source has many failed access attempts from an external device. For example, a remote device trying repeatedly to access an internal server using SSH or Telnet would trigger this alert.",
"hostname": "i-084c971e032f292a1",
"id": 67,
"ipswhencreated": [],
"lastmodified": "2019-01-25T10:30:59.938043Z",
"merit": 5,
"natural
time": "1 month, 3 weeks ago",
"newcomment": null,
"obj
created": "2019-01-25T10:30:59.967304Z",
"observations": [
1126
],
"priority": 10,
"publishtime": "2019-01-25T10:30:59.934696+00:00",
"resolved": true,
"resolved
time": "2019-01-25T10:30:59.938043Z",
"resolveduser": null,
"rules
matched": null,
"snoozesettings": null,
"source": 15,
"source
info": {
"created": "2019-01-21T23:30:48.363367+00:00",
"hostnames": [],
"ips": [],
"name": "i-084c971e032f292a1",
"namespace": "awsv2:774913163797:us-west-2:vpc-0fe50f76"
},
"sourcename": "i-084c971e032f292a1",
"source
params": {
"id": 15,
"meta": "net-link",
"name": "i-084c971e032f292a1"
},
"tags": [],
"text": "Excessive Access Attempts (External) on i-084c971e032f292a1\nhttps://cisco-nalfarda.obsrvbl.com/#/alerts/67",
"time": "2019-01-25T09:00:00Z",
"type": "Excessive Access Attempts (External)"
}
