Solved: Could someone help me with parsing JSON to a table...

Roei_Rom · ‎10-02-2022

I have the following JSON object which contains certificates expreation date:

{
"certificate-one.crt": 2022-11-11T16:00:00.000Z,
"certificate-two.crt": 2022-11-11T16:00:00.000Z
}

I want to convert it to the following table:

certificate name | expiration date
--------------------------|---------------------------------------
certificate-one.crt | 2022-11-11T16:00:00.000Z
--------------------------|---------------------------------------
certificate-two.crt | 2022-11-11T16:00:00.000Z

ITWhisperer · ‎10-02-2022

| rex max_match=0 "\"(?<certificate_expiry>[^\"]+\"[^\"]+\"[^\"]+)\""
| mvexpand certificate_expiry
| rex field=certificate_expiry "(?<certificate_name>[^\"]+)\"[^\"]+\"(?<expiration>[^\"]+)"

View solution in original post

ITWhisperer · ‎10-02-2022

| rex max_match=0 "\"(?<certificate_expiry>[^\"]+\"[^\"]+\"[^\"]+)\""
| mvexpand certificate_expiry
| rex field=certificate_expiry "(?<certificate_name>[^\"]+)\"[^\"]+\"(?<expiration>[^\"]+)"

Roei_Rom · ‎10-02-2022

Thanks!

Could someone help me with parsing JSON to a table?

table

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability for AI

Are you a member of the Splunk Community?

Could someone help me with parsing JSON to a table?

table

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability for AI