I want to read specific values out of a line delimited json file. The lines in the jason file look like that.
{"_index":"sessions2-210803","_type":"session","_id":"210803-C9HXbu3OqpWUu7jEi1-dns-740","_score":1,"_source":{"tags":["siemens1200","network","on","internal_source","internal_destination"],"lastPacket":1627992915080,"ipProtocol":17,"host":{"name":"filebeat"},"srcIp":"fe80::5a90:cd4e:d1ab:f2d","tagsCnt":5,"zeek_dns":{"TC":"F","Z":"0","qtype":"12","AA":"F","qclass":"1","qtype_name":"PTR","RA":"F","trans_id":"0","rejected":"F","query":"_scanner._tcp.local","qclass_name":"INTERNET","RD":"F"},"length":0,"protocol":["udp","dns"],"timestamp":1627992915080,"@version":"1","input":{},"@timestamp":"2021-08-03T12:15:15.079Z","dstIp":"ff02::fb","srcPort":5353,"zeek":{"ts":"2021-08-03T12:15:15.079Z","service":["dns"],"action":["INTERNET PTR"],"resp_p":"5353","resp_h":"ff02::fb","logType":"dns","orig_p":"5353","proto":["udp"],"orig_h":"fe80::5a90:cd4e:d1ab:f2d","uid":"C9HXbu3OqpWUu7jEi1"},"node":"filebeat","dns":{"hostCnt":1,"opcode":["QUERY"],"qt":["PTR"],"qc":["INTERNET"],"opcodeCnt":1,"host":["_scanner._tcp.local"],"qcCnt":1,"qtCnt":1},"firstPacket":1627992915080,"zeekLogDocId":"C9HXbu3OqpWUu7jEi1-dns-740","agent":{"type":"filebeat","name":"filebeat","hostname":"filebeat","id":"445310e6-a4f7-4d35-b108-ffc5b5bdfdce","version":"7.10.2"},"log":{"file":{"path":"dns(siemens1200,network,on,pcap,1641825420503841566).log"}},"type":"session","dstPort":5353,"event":{},"protocolCnt":2,"ecs":{"version":"1.6.0"},"rootId":"C9HXbu3OqpWUu7jEi1","network":{"type":"ipv6"}}}
{"_index":"sessions2-210803","_type":"session","_id":"210803-Cce4Fx3rcoxsYWbyDc","_score":1,"_source":{"totBytes":1560,"dstMacCnt":1,"srcIp":"192.168.0.10","srcDataBytes":249,"tagsCnt":5,"length":5284,"@version":"1","input":{},"srcPort":50813,"zeek":{"orig_l2_addr":"28:63:36:c6:c7:d4","ts":"2021-08-03T12:15:11.487Z","proto":["tcp"],"uid":"Cce4Fx3rcoxsYWbyDc","community_id":"1:bpjqBJzFV5S8SYeEa2SsbUBE9VE=","resp_l2_addr":"28:63:36:c6:cc:67","service":["s7comm"],"resp_p":"102","resp_h":"192.168.0.110","logType":"conn","orig_p":"50813","orig_h":"192.168.0.10"},"dstPackets":15,"firstPacket":1627992911488,"zeekLogDocId":"Cce4Fx3rcoxsYWbyDc","dstMac":["28:63:36:c6:cc:67"],"log":{"file":{"path":"conn(siemens1200,network,on,pcap,1641825420390204300,ZEEKFLDx00x03FFFFFF).log"}},"type":"session","event":{},"dstBytes":867,"protocolCnt":2,"ecs":{"version":"1.6.0"},"rootId":"Cce4Fx3rcoxsYWbyDc","tags":["siemens1200","network","on","internal_source","internal_destination"],"lastPacket":1627992916772,"ipProtocol":6,"host":{"name":"filebeat"},"dstDataBytes":263,"zeek_conn":{"conn_state_description":"Connection established, not terminated","orig_bytes":"249","orig_pkts":"11","orig_ip_bytes":"693","resp_bytes":"263","resp_pkts":"15","history":"ShADda","conn_state":"S1","missed_bytes":"0","resp_ip_bytes":"867","duration":5.283593},"protocol":["tcp","s7comm"],"timestamp":1627992911488,"@timestamp":"2021-08-03T12:15:11.487Z","tcpflags":{"syn-ack":1,"syn":1,"ack":10},"dstIp":"192.168.0.110","srcMac":["28:63:36:c6:c7:d4"],"node":"filebeat","agent":{"type":"filebeat","name":"filebeat","hostname":"filebeat","id":"445310e6-a4f7-4d35-b108-ffc5b5bdfdce","version":"7.10.2"},"dstPort":102,"communityId":"1:bpjqBJzFV5S8SYeEa2SsbUBE9VE=","srcPackets":11,"totPackets":26,"srcMacCnt":1,"segmentCnt":1,"srcBytes":693,"network":{"type":"ipv4"},"totDataBytes":512}}
...
know my Problem is if I am trying to load the file
file1 = open('sessions2-210803.json')
data = json.load(file1)
I am getting an error massage
json.decoder.JSONDecodeError: Extra data: line 2 column 1 (char 1470)
so my question is how can I load/open the file so that I can extract for example the value "_id"
>Solution :
import json
with open('path/to/file') as f:
lines = f.readlines()
dicts = [json.loads(line) for line in lines]