Splunk Search

Could someone help me with parsing JSON to a table?

Roei_Rom
Engager

I have the following JSON object which contains certificates expreation date:

{
        "certificate-one.crt": 2022-11-11T16:00:00.000Z,
        "certificate-two.crt": 2022-11-11T16:00:00.000Z
}

I want to convert it to the following table:

certificate name        |  expiration date
 --------------------------|---------------------------------------
certificate-one.crt    |  2022-11-11T16:00:00.000Z
--------------------------|---------------------------------------
certificate-two.crt    |  2022-11-11T16:00:00.000Z

Labels (1)
Tags (2)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust
| rex max_match=0 "\"(?<certificate_expiry>[^\"]+\"[^\"]+\"[^\"]+)\""
| mvexpand certificate_expiry
| rex field=certificate_expiry "(?<certificate_name>[^\"]+)\"[^\"]+\"(?<expiration>[^\"]+)"

View solution in original post

ITWhisperer
SplunkTrust
SplunkTrust
| rex max_match=0 "\"(?<certificate_expiry>[^\"]+\"[^\"]+\"[^\"]+)\""
| mvexpand certificate_expiry
| rex field=certificate_expiry "(?<certificate_name>[^\"]+)\"[^\"]+\"(?<expiration>[^\"]+)"

Roei_Rom
Engager

Thanks!

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...