Solved: Correlate data in JSON file without timestamp

Patrick_Peeters · ‎11-16-2020

I have a JSON input with different types, all representing a data point at a certain time. I have the start time of the event and am looking for a way to get all the data organised without having to revert to custom Python code - how do I do this?

The 'time' type in JSON depicts how many seconds since the start time a data point is happening across all these types.

Ideally I'm looking for something that looks like this based on the data below assuming the start time is 12:00:00, probably latlng even split but that's secondary for now:

_time	distance	altitude	latlng
12:00:00	3.8	51.5	-33.895627, 151.228228
12:00:01	5.2	51.6	-33.895627, 151.228228
12:00:03	6.7	51.5	-33.895627, 151.228228
12:00:04	8.9	51.5	-33.895627, 151.228228

[
    {
        "type": "time",
        "data": [
            0,
            1,
            3,
            4
        ]
    }, 
    {
        "type": "distance",
        "data": [
            3.8,
            5.2,
            6.7,
            8.9
        ]
    },
    {
        "type": "altitude",
        "data": [
            51.5,
            51.6,
            51.5,
            51.5
        ]
    },
    {
        "type": "latlng",
        "data": [
            [
                -33.895627,
                151.228228
            ],
            [
                -33.895627,
                151.228228
            ],
            [
                -33.895627,
                151.228228
            ],
            [
                -33.895627,
                151.228228
            ],
        ]
    },
]

Patrick_Peeters · ‎11-17-2020

Managed to get it done via Python's pandas module, specifically pandas.DataFrame function. It works great for series and dataframe data like the one I had.

The result:

[
    {
        "time": 1580539600,
        "distance": 0,
        "altitude": 45.7,
        "heartrate": 77,
        "lat": -33.895302,
        "lon": 151.228177
    },
    {
        "time": 1580539601,
        "distance": 0,
        "altitude": 45.7,
        "heartrate": 77,
        "lat": -33.895302,
        "lon": 151.228177
    },
    {
        "time": 1580539602,
        "distance": 0,
        "altitude": 45.7,
        "heartrate": 77,
        "lat": -33.895325,
        "lon": 151.22817
    }
]

View solution in original post

Patrick_Peeters · ‎11-17-2020

Managed to get it done via Python's pandas module, specifically pandas.DataFrame function. It works great for series and dataframe data like the one I had.

The result:

[
    {
        "time": 1580539600,
        "distance": 0,
        "altitude": 45.7,
        "heartrate": 77,
        "lat": -33.895302,
        "lon": 151.228177
    },
    {
        "time": 1580539601,
        "distance": 0,
        "altitude": 45.7,
        "heartrate": 77,
        "lat": -33.895302,
        "lon": 151.228177
    },
    {
        "time": 1580539602,
        "distance": 0,
        "altitude": 45.7,
        "heartrate": 77,
        "lat": -33.895325,
        "lon": 151.22817
    }
]

Correlate data in JSON file without timestamp

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

Correlate data in JSON file without timestamp

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?