在Python中将嵌套JSON数组转换为简单JSON_Python_Json_Elastic Stack_Nmap

在Python中将嵌套JSON数组转换为简单JSON

python json

在Python中将嵌套JSON数组转换为简单JSON,python,json,elastic-stack,nmap,Python,Json,Elastic Stack,Nmap,我有一个包含嵌套JSON对象的JSON文件。我想通过Logstash将这个JSON文件索引到我的Elasticsearch中，但Elasticsearch不支持嵌套JSON（目前）。python中有没有一种方法可以将这些嵌套对象转换为简单的JSON，即可搜索的JSON 我使用的JSON是由一个python脚本创建的，该脚本使用Nmap并确定网络上的主机。此时无法搜索端口阵列，这是我项目的全部目的。这是因为JSON数组作为一个字段索引到数据库中，而不是它们自己的JSON字段样本： { "

我有一个包含嵌套JSON对象的JSON文件。我想通过Logstash将这个JSON文件索引到我的Elasticsearch中，但Elasticsearch不支持嵌套JSON（目前）。python中有没有一种方法可以将这些嵌套对象转换为简单的JSON，即可搜索的JSON

我使用的JSON是由一个python脚本创建的，该脚本使用Nmap并确定网络上的主机。此时无法搜索端口阵列，这是我项目的全部目的。这是因为JSON数组作为一个字段索引到数据库中，而不是它们自己的JSON字段

样本：

{
    "host": {
        "status": {
            "_state": "up",
            "_reason": "echo-reply",
            "_reason_ttl": "60"
        },
        "address": {
            "_addr": "xxx.xxx.xxx.xxx",
            "_addrtype": "ipv4"
        },
        "hostnames": {
            "hostname": {
                "_name": "xxxxxx.com",
                "_type": "PTR"
            }
        },
        "ports": {
            "extraports": {
                "extrareasons": {
                    "_reason": "no-responses",
                    "_count": "994"
                },
                "_state": "filtered",
                "_count": "994"
            },
            "port": [
                {
                    "state": {
                        "_state": "closed",
                        "_reason": "reset",
                        "_reason_ttl": "60"
                    },
                    "service": {
                        "_name": "ftp-data",
                        "_method": "table",
                        "_conf": "3"
                    },
                    "_protocol": "tcp",
                    "_portid": "20"
                },
                {
                    "state": {
                        "_state": "open",
                        "_reason": "syn-ack",
                        "_reason_ttl": "60"
                    },
                    "service": {
                        "cpe": "cpe:/a:vsftpd:vsftpd",
                        "_name": "ftp",
                        "_product": "vsftpd",
                        "_version": "2.0.8 or later",
                        "_hostname": "Welcome",
                        "_method": "probed",
                        "_conf": "10"
                    },
                    "_protocol": "tcp",
                    "_portid": "21"
                },
                {
                    "state": {
                        "_state": "open",
                        "_reason": "syn-ack",
                        "_reason_ttl": "60"
                    },
                    "service": {
                        "cpe": "cpe:/a:openbsd:openssh:5.3",
                        "_name": "ssh",
                        "_product": "OpenSSH",
                        "_version": "5.3",
                        "_extrainfo": "protocol 2.0",
                        "_method": "probed",
                        "_conf": "10"
                    },
                    "_protocol": "tcp",
                    "_portid": "22"
                },
                {
                    "state": {
                        "_state": "open",
                        "_reason": "syn-ack",
                        "_reason_ttl": "60"
                    },
                    "service": {
                        "cpe": "cpe:/a:apache:http_server:2.2.15",
                        "_name": "http",
                        "_product": "Apache httpd",
                        "_version": "2.2.15",
                        "_extrainfo": "(CentOS)",
                        "_method": "probed",
                        "_conf": "10"
                    },
                    "_protocol": "tcp",
                    "_portid": "80"
                },
                {
                    "state": {
                        "_state": "open",
                        "_reason": "syn-ack",
                        "_reason_ttl": "60"
                    },
                    "service": {
                        "cpe": "cpe:/a:apache:http_server:2.2.15",
                        "_name": "http",
                        "_product": "Apache httpd",
                        "_version": "2.2.15",
                        "_extrainfo": "(CentOS)",
                        "_tunnel": "ssl",
                        "_method": "probed",
                        "_conf": "10"
                    },
                    "_protocol": "tcp",
                    "_portid": "443"
                },
                {
                    "state": {
                        "_state": "open",
                        "_reason": "syn-ack",
                        "_reason_ttl": "60"
                    },
                    "service": {
                        "_name": "rsync",
                        "_extrainfo": "protocol version 31",
                        "_method": "probed",
                        "_conf": "10"
                    },
                    "_protocol": "tcp",
                    "_portid": "873"
                }
            ]
        },
        "times": {
            "_srtt": "1392",
            "_rttvar": "258",
            "_to": "50000"
        },
        "_starttime": "1527320392",
        "_endtime": "1527320668"
    }
}

不要在elasticsearch映射中使用嵌套关键字

更好的方法是，将整个json结构定义为映射

然后在elasticsearch中搜索您可能会得到它。

预期的输出是什么？你试过什么，到底有什么问题？试一下