I have the exact same problem in two places and I can't quite figure it out. I think I need an ELI5.
I have a JSON structure coming from a giant hodge-podge of PowerShell scripts that are pulling in local computer information.
The two that are evading me are monitors and network adapters. They both stay JSON in Elastic/Kibana without being parsed. The rest of the message is fine. I think it is because they don't have a 'key' name but I suck at this stuff.
Example JSON:
{
  "WindowsCurrentVersion": "6.3",
  "WindowsEditionId": "Enterprise",
  "CsNetworkAdapters": [
    {
      "Description": "Intel(R) Ethernet Connection (2) I219-V",
      "ConnectionID": "Ethernet",
      "DHCPEnabled": true,
      "DHCPServer": "10.10.10.10",
      "ConnectionStatus": 2,
      "IPAddresses": [
        "10.10.10.55",
        "fe50::aaaa:aaa:44a:aa9"
      ]
    }
  ],
  "CsNumberOfLogicalProcessors": 4,
  "CsNumberOfProcessors": 1,
  "Monitors": {
    "value": [
      {
        "Vendor": "Lenovo",
        "Model": "T24i-10",
        "Serial": "AB123450"
      },
      {
        "Vendor": "Lenovo",
        "Model": "T24i-10",
        "Serial": "AB123450"
      }
    ],
    "Count": 2
  },
  "LastUser": "CORP.LOCAL\\REALLYBIGABE",
  "PublicIP": "5.5.5.5"
}
How can I get the Monitors values (up to 4) and Network Interfaces (up to a zillion on Hyper-V and VMware hosts) to parse properly into Types and Subtypes? My early investigations had me put them in a JSON Tree viewer and I can see that the subtypes don't have a name per se (they show up as 0), so I probably need to add that or specify a key.
Anyone much smarter than me have any suggestions? Basically I want to be able to search for Monitor Serial Numbers or IPv4 and IPv6 addresses. I can adjust the source data too, if I knew what to adjust it to.
Thanks
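
One way to adjust the source data, as an added example that is not part of the original post: keep the nested objects and add flat arrays of plain strings beside them, which Elasticsearch indexes as ordinary multi-valued fields. The names `add_search_fields`, `as_list`, `MonitorSerials`, `IPv4Addresses` and `IPv6Addresses` are hypothetical, and the sample is constructed from the JSON above.

```python
import ipaddress
import json

# Constructed sample, trimmed from the JSON in the post above.
SAMPLE = json.loads(r'''
{
  "CsNetworkAdapters": [
    {"ConnectionID": "Ethernet",
     "IPAddresses": ["10.10.10.55", "fe50::aaaa:aaa:44a:aa9"]}
  ],
  "Monitors": {
    "value": [
      {"Vendor": "Lenovo", "Model": "T24i-10", "Serial": "AB123450"},
      {"Vendor": "Lenovo", "Model": "T24i-10", "Serial": "AB123450"}
    ],
    "Count": 2
  },
  "LastUser": "CORP.LOCAL\\REALLYBIGABE"
}
''')


def as_list(value):
    """Tolerate a missing value or a lone item where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def add_search_fields(doc):
    """Return a copy of doc with flat, scalar-array fields added (hypothetical names)."""
    out = dict(doc)
    monitors = as_list((doc.get("Monitors") or {}).get("value"))
    out["MonitorSerials"] = sorted({m["Serial"] for m in monitors if m.get("Serial")})
    v4, v6 = set(), set()
    for adapter in as_list(doc.get("CsNetworkAdapters")):
        for raw in as_list(adapter.get("IPAddresses")):
            try:
                ip = ipaddress.ip_address(str(raw).split("%")[0])  # drop any zone id
            except ValueError:
                continue  # skip values that are not IP addresses
            (v4 if ip.version == 4 else v6).add(str(ip))
    out["IPv4Addresses"] = sorted(v4)
    out["IPv6Addresses"] = sorted(v6)
    return out


if __name__ == "__main__":
    print(json.dumps(add_search_fields(SAMPLE), indent=2))
```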