×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jerzy999
New Member
Member since: ‎09-04-2019
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-04-2019
Activity Feed
View All

How to extract fields from json ?

by in Getting Data In
‎09-04-2019 05:51 AM
‎09-04-2019 05:51 AM
I do have a single (unfortunately not very repetitive in terms of number of characters and overall form) JSON event with many fields that I would like to extract: affectedPackage: [ [+] ] bulletinFamily: unix cvelist: [ [-] CVE-2019-9511 CVE-2019-9513 ] cvss: { [-] score: 7.8 vector: AV:N/AC:L/Au:N/C:N/I:N/A:C } description: - ------------------------------------------------------------------------- Debian Security Advisory DSA-4511-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 01, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nghttp2 CVE ID : CVE-2019-9511 CVE-2019-9513 Two vulnerabilities were discovered in the HTTP/2 code of the nghttp2 HTTP server, which could result in denial of service. For the oldstable distribution (stretch), these problems have been fixed in version 1.18.1-1+deb9u1. For the stable distribution (buster), these problems have been fixed in version 1.36.0-2+deb10u1. We recommend that you upgrade your nghttp2 packages. For the detailed security status of nghttp2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nghttp2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org href: https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00159.html id: DEBIAN:DSA-4511-1:15C61 modified: 2019-09-01T21:08:24 published: 2019-09-01T21:08:24 title: [SECURITY] [DSA 4511-1] nghttp2 security update type: debian vhref: https://vulners.com/debian/DEBIAN:DSA-4511-1:15C61 What is the most optimal way to perform field extraction from this type of event. I am interested in dividing following example for fields such as: affectedPackage bulletinFamily cvelist href title published and so on... I do ingestion for single day in terms of technologies that I am interested in into single event using a python script -> (HEC) Splunk and want to generate alerts in Splunk based on critical events which I collect ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM