Getting Data In

line break NIST CVE json file

DanielASG
Explorer

I trying to break up the nist cve json file into each cve event

Below is a (small) output of the json file

CVE_data_numberOfCVEs" : "1691",
"CVE_data_timestamp" : "2019-03-28T00:00Z",
"CVE_Items" : [ {
"cve" : {
  "data_type" : "CVE",

I would like to line split it so it looks like this

{
"cve" : {
  "data_type" : "CVE",

But only seam to get it to split like this

  "cve" : {
  "data_type" : "CVE",

I have tried the below
Props.conf

BREAK_ONLY_BEFORE =(?m){\s+”cve”

And

BREAK_ONLY_BEFORE =\s{\s+”cve”

With no luck … I have tried lots of other ways but the two above should work (I think)

Can anyone see im doing wrong?
thanks

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

New Release of Federated Search: Bringing Splunk Analytics to More of Your Data

Organizations today are generating more data than ever and storing it across cloud object stores, data lakes, ...

Inside Event Intelligence: How ITSI Turns Network Alerts into Actionable Incidents

Tech Talk Inside Event Intelligence: How ITSI Turns Network Alerts into Actionable Incidents   Correlating ...

Observability Simplified: Combining User Experience, Application Performance & ...

  Tech Talk Network to App: Observability Unlocked   Today’s digital environments span applications, ...