Solved: Re: Parsing JSON to a table

Roei_Rom · ‎10-02-2022

I have the following JSON object which contains certificates expreation date:

{
"certificate-one.crt": 2022-11-11T16:00:00.000Z,
"certificate-two.crt": 2022-11-11T16:00:00.000Z
}

I want to convert it to the following table:

certificate name | expiration date
--------------------------|---------------------------------------
certificate-one.crt | 2022-11-11T16:00:00.000Z
--------------------------|---------------------------------------
certificate-two.crt | 2022-11-11T16:00:00.000Z

ITWhisperer · ‎10-02-2022

| rex max_match=0 "\"(?<certificate_expiry>[^\"]+\"[^\"]+\"[^\"]+)\""
| mvexpand certificate_expiry
| rex field=certificate_expiry "(?<certificate_name>[^\"]+)\"[^\"]+\"(?<expiration>[^\"]+)"

View solution in original post

ITWhisperer · ‎10-02-2022

| rex max_match=0 "\"(?<certificate_expiry>[^\"]+\"[^\"]+\"[^\"]+)\""
| mvexpand certificate_expiry
| rex field=certificate_expiry "(?<certificate_name>[^\"]+)\"[^\"]+\"(?<expiration>[^\"]+)"

Roei_Rom · ‎10-02-2022

Thanks!

Could someone help me with parsing JSON to a table?

table

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Are you a member of the Splunk Community?

Could someone help me with parsing JSON to a table?

table

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency