Issue with Logstash

Hello, I am trying to parse this JSON with Logstash.

{"creation_date": "2023/01/04", "vulnerabilities": [{"count": 1, "score": null, "vuln_index": 414, "plugin_name": "WordPad History", "severity": 0, "vpr_score": null, "plugin_id": 92438, "severity_index": 0, "cpe": "cpe:/o:microsoft:windows", "offline": false, "plugin_family": "Windows", "snoozed": 0}, {"count": 1, "score": null, "vuln_index": 396, "plugin_name": "Windows Defender Installed", "severity": 0, "vpr_score": null, "plugin_id": 131023, "severity_index": 1, "cpe": "cpe:/a:microsoft:windows_defender", "offline": false, "plugin_family": "Windows", "snoozed": 0}, {"count": 1, "score": null, "vuln_index": 333, "plugin_name": "RDP Screenshot", "severity": 0, "vpr_score": null, "plugin_id": 66173, "severity_index": 2, "cpe": "cpe:/o:microsoft:windows", "offline": false, "plugin_family": "General", "snoozed": 0}]}

Everything works fine, but when I add another object to my JSON, it fails. I don't understand why. (I add another object in the vulnerabilities key.)

I got this error:

[ERROR] 2023-04-25 14:40:13.055 [[main]<file] json - JSON parse error, original data now in message field {:message=>"Unrecognized token 'count': was expecting ('true', 'false' or 'null')\n at [Source: (String)\"count\": 1, \"score\": null, \"vuln_index\": 319, \"plugin_name\": \"NetBIOS Multiple IP Address Enumeration\", \"severity\": 0, \"vpr_score\": null, \"plugin_id\": 43815, \"severity_index\": 3, \"cpe\": null, \"offline\": false, \"plugin_family\": \"Windows\", \"snoozed\": 0}]}\"; line: 1, column: 6]", :exception=>LogStash::Json::ParserError, :data=>"count\": 1, \"score\": null, \"vuln_index\": 319, \"plugin_name\": \"NetBIOS Multiple IP Address Enumeration\", \"severity\": 0, \"vpr_score\": null, \"plugin_id\": 43815, \"severity_index\": 3, \"cpe\": null, \"offline\": false, \"plugin_family\": \"Windows\", \"snoozed\": 0}]}"}
[WARN ] 2023-04-25 14:40:13.206 [[main]>worker0] json - Error parsing json {:source=>"message", :raw=>"count\": 1, \"score\": null, \"vuln_index\": 319, \"plugin_name\": \"NetBIOS Multiple IP Address Enumeration\", \"severity\": 0, \"vpr_score\": null, \"plugin_id\": 43815, \"severity_index\": 3, \"cpe\": null, \"offline\": false, \"plugin_family\": \"Windows\", \"snoozed\": 0}]}", :exception=>#<LogStash::Json::ParserError: Unrecognized token 'count': was expecting ('true', 'false' or 'null')
 at [Source: (byte[])"count": 1, "score": null, "vuln_index": 319, "plugin_name": "NetBIOS Multiple IP Address Enumeration", "severity": 0, "vpr_score": null, "plugin_id": 43815, "severity_index": 3, "cpe": null, "offline": false, "plugin_family": "Windows", "snoozed": 0}]}"; line: 1, column: 7]>}
{
          "type" => "json",
          "path" => "/testELK/exemple.json",
      "@version" => "1",
          "host" => "lnessus02v",
    "@timestamp" => 2023-04-25T12:40:13.066Z,
          "tags" => [
        [0] "_jsonparsefailure"
    ]
}
