Hi,
I need help with parsing the data below, which is pulled from a Python script. The data is pushed to system output, and script monitoring is in place to read the data. The sample JSON-format data below is printed to system output.
Below are the props currently in place. The data has to be divided into multiple events after "tags."
[sourcetype_name]
KV_MODE = json
SHOULD_LINEMERGE = false
disabled = false
CHARSET = UTF-8
TRUNCATE = 0
LINE_BREAKER = \"tags\":\[[\w\W].*\}\,\{\"id\":
SEDCMD-remove_trailing_comma = s/\},\s/}/g
Sample data.
[{'id': 'e3b12550-db91-4a99-b20e-3e943fad2c7d', 'name': 'name', 'idn_name': '', 'idn': {}, 'tld': 'com', 'management_status': 'auto_renew_enabled', 'management_type': 'transfer', 'registered_at': '2015-09-15T00:00:00Z', 'expires_at': '2024-09-15T00:00:00Z', 'updated_at': '2022-01-06T13:58:54Z', 'created_at': '2021-12-03T11:40:56Z', 'managed_at': '2021-12-21T07:55:40Z', 'premium': 'Unknown', 'key_domain': False, 'whois_privacy': False, 'hidden_owner': False, 'local_presence': False, 'registry_lock': {'enabled': False}, 'nameservers': {'names': ['domain_name_service1.xyz3.abc.net', 'domain_name_service2.xyz3.abc.net', 'domain_name_service3.xyz3.abc.net', 'domain_name_service4.xyz3.abc.net', 'xyz1.abc.com', 'xyz2.abc.com', 'xyz3.abc.com', 'xyz4.abc.com'], 'labels': ['self_managed']}, 'signing_keys': [], 'registrant': {'id': 'a310c999-1b71-4a83-a6e3-f12af66a1001', 'name': 'Domain Administrator', 'email': 'abc@abc.com', 'phone': '+1.number', 'mobile': '', 'fax': '', 'organisation': 'company name', 'street1': 'address', 'street2': '', 'street3': '', 'city': 'city_details', 'state': 'state', 'postcode': 'pin_code', 'country_code': 'US'}, 'administrative': {'id': '2571a69a-07d2-442f-9142-5a418e4c0373', 'name': 'Domain Administrator', 'email': 'email', 'phone': '+1.number', 'mobile': '', 'fax': '', 'organisation': 'city_details Chocolate & Confectionery LLC', 'street1': '19 East Chocolate Avenue', 'street2': '', 'street3': '', 'city': 'city_details', 'state': 'state', 'postcode': 'pin_code', 'country_code': 'US'}, 'technical': {'id': '311791fa-bf28-40d9-a348-d503b4fc4380', 'name': 'Technical Manager', 'email': 'webops@city_detailss.com', 'phone': '+1.number', 'mobile': '', 'fax': '', 'organisation': 'company name', 'street1': 'address '', 'street3': '', 'city': 'city_details', 'state': 'state', 'postcode': 'pin_code', 'country_code': 'US'}, 'account': {'id': 'd126c591-3ec0-4f63-afd1-5bbd923504c5', 'name': 'city_details Co (Primary)', 'contracting_company': 'consonum', 
'parent': {'id': '283410a6-2785-466c-a880-51aa17c8b8b2', 'name': 'city_details Co'}}, 'active_zone': None, 'domain_name_servicesec': False, 'external_comments': '', 'tags': []}, {'id': '6a735a33-a942-4f42-9a66-2bbda1466855', 'name': 'name', 'idn_name': '', 'idn': {}, 'tld': 'com', 'management_status': 'auto_renew_enabled', 'management_type': 'transfer', 'registered_at': '2015-09-15T00:00:00Z', 'expires_at': '2024-09-15T00:00:00Z', 'updated_at': '2022-01-06T13:58:54Z', 'created_at': '2021-12-03T11:40:56Z', 'managed_at': '2021-12-21T10:57:38Z', 'premium': 'Unknown', 'key_domain': False, 'whois_privacy': False, 'hidden_owner': False, 'local_presence': False, 'registry_lock': {'enabled': False}, 'nameservers': {'names': ['domain_name_service1.xyz3.abc.net', 'domain_name_service2.xyz3.abc.net', 'domain_name_service3.xyz3.abc.net', 'domain_name_service4.xyz3.abc.net', 'xyz1.abc.com', 'xyz2.abc.com', 'xyz3.abc.com', .... this continues till the end of the log file}]
The highlighted portion is where the next ID starts. That should be the next event, but in Splunk everything is coming in as a single event. Please help.
Thanks in advance.
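
The sample output above is the repr() of a Python list (single quotes, False, None), which is not valid JSON, so one option is to fix the format in the script instead of in props. The following is an added example, not part of the original post: it assumes the script holds the records as a list of dicts (function names and sample values are constructed) and writes one JSON object per line, so each line can be broken as its own event and KV_MODE = json has valid JSON to extract from.

```python
import ast
import json
import sys

# Constructed sample in the same shape as the post's output: print() of a
# Python list of dicts, i.e. repr() text rather than JSON.
SAMPLE_STDOUT = (
    "[{'id': '00000000-0000-0000-0000-000000000001', 'name': 'name', "
    "'key_domain': False, 'registry_lock': {'enabled': False}, "
    "'nameservers': {'names': ['ns1.example.net', 'ns2.example.net']}, "
    "'active_zone': None, 'tags': []}, "
    "{'id': '00000000-0000-0000-0000-000000000002', 'name': 'name', "
    "'key_domain': False, 'registry_lock': {'enabled': False}, "
    "'nameservers': {'names': ['ns1.example.net']}, "
    "'active_zone': None, 'tags': ['self_managed']}]"
)


def to_ndjson(records):
    """Return one compact JSON string per record (newline-delimited JSON)."""
    if not isinstance(records, list):
        raise TypeError("expected a list of records")
    lines = []
    for rec in records:
        if not isinstance(rec, dict):
            raise TypeError("each record must be a dict")
        # json.dumps escapes newlines inside values, so a record never spans
        # more than one physical line and line-based breaking stays reliable.
        lines.append(json.dumps(rec, separators=(",", ":")))
    return lines


def repr_to_ndjson(text):
    """Convert already-captured repr() output into NDJSON lines.

    ast.literal_eval accepts only Python literals, so unlike eval() it does
    not execute code embedded in the captured text.
    """
    return to_ndjson(ast.literal_eval(text.strip()))


def emit(records, stream=sys.stdout):
    """Write each record on its own line, as the script would to stdout."""
    for line in to_ndjson(records):
        stream.write(line + "\n")
    stream.flush()


if __name__ == "__main__":
    emit(ast.literal_eval(SAMPLE_STDOUT))
```

With output in this form, each event is a single line ending in a newline, so no regex over the record contents is needed to find the boundary.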