V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
s884812
V2EX  ›  问与答

PHP 解析 ElasticSearch 的 json 方法,有關遍歷所有 json 元素。

  •  1
     
  •   s884812 · 2014-12-18 17:35:01 +08:00 · 2901 次点击
    这是一个创建于 3635 天前的主题,其中的信息可能已经有所发展或是发生改变。
    大家好。
    小弟在開發工作遇到一個困難點。
    以下是eleasticsearch返回的json資料:
    {
    "took" : 12,
    "timed_out" : false,
    "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
    },
    "hits" : {
    "total" : 8,
    "max_score" : 2.6739764,
    "hits" : [ {
    "_index" : "cef",
    "_type" : "alert",
    "_id" : "6",
    "_score" : 2.6739764,
    "_source":{
    "user": "dean",
    "version": "0",
    "device_vendor": "security",
    "device_product": "threatmanager",
    "device_version": "1.0",
    "signature_id": "100",
    "description": "worm successfully stopped",
    "severity": "10",
    "extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
    }
    }, {
    "_index" : "cef",
    "_type" : "alert",
    "_id" : "5",
    "_score" : 2.3862944,
    "_source":{
    "user": "dean",
    "version": "0",
    "device_vendor": "security",
    "device_product": "threatmanager",
    "device_version": "1.0",
    "signature_id": "100",
    "description": "worm successfully stopped",
    "severity": "10",
    "extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232",
    "ext1": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
    }
    }, {
    "_index" : "cef",
    "_type" : "alert",
    "_id" : "AUpMu6M4z71lXPfoDG1F",
    "_score" : 2.098612,
    "_source":{"user":"dean","version":"0","device_vendor":"security","device_product":"threatmanager","device_version": "1.0","signature_id":"100","description":"worm successfully stopped","severity":"10","extension":"src=10.0.0.1 dst=2.1.2.2 spt=1333","ext4": "src=10.0.0.1 dst=2.1.2.2 spt=1232","ext6": "src=10.0.0.1 dst=2.1.2.2 spt=1232"}
    }, {
    "_index" : "cef",
    "_type" : "alert",
    "_id" : "AUpMxKDDz71lXPfoDG1G",
    "_score" : 2.098612,
    "_source":{"user":"dean","version":"0","device_vendor":"security","device_product":"threatmanager","device_version": "1.0","signature_id":"100","description":"worm successfully stopped","severity":"10","extension":"src=10.0.0.1 dst=2.1.2.2 spt=1333","ext2": "src=10.0.0.1 dst=2.1.2.2 spt=1232"}
    }, {
    "_index" : "cef",
    "_type" : "alert",
    "_id" : "4",
    "_score" : 2.098612,
    "_source":{
    "user": "dean",
    "version": "0",
    "device_vendor": "security",
    "device_product": "threatmanager",
    "device_version": "1.0",
    "signature_id": "100",
    "description": "worm successfully stopped",
    "severity": "10",
    "extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232",
    "ext62": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
    }
    }, {
    "_index" : "cef",
    "_type" : "alert",
    "_id" : "3",
    "_score" : 2.098612,
    "_source":{
    "user": "dean",
    "version": "0",
    "device_vendor": "security",
    "device_product": "threatmanager",
    "device_version": "1.0",
    "signature_id": "100",
    "description": "worm successfully stopped",
    "severity": "10",
    "extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232",
    "ext10": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
    }
    }, {
    "_index" : "cef",
    "_type" : "alert",
    "_id" : "2",
    "_score" : 1.5108256,
    "_source":{
    "user": "dean",
    "version": "0",
    "device_vendor": "security",
    "device_product": "threatmanager",
    "device_version": "1.0",
    "signature_id": "100",
    "description": "worm successfully stopped",
    "severity": "10",
    "extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
    "ext7": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
    }
    }, {
    "_index" : "cef",
    "_type" : "alert",
    "_id" : "AUpMuF-Pz71lXPfoDG1E",
    "_score" : 1.5108256,
    "_source":{"user":"dean","version":"0","device_vendor":"security","device_product":"threatmanager","device_version": "1.0","signature_id":"100","description":"worm successfully stopped","severity":"10","extension":"src=10.0.0.1 dst=2.1.2.2 spt=1232","ext19": "src=10.0.0.1 dst=2.1.2.2 spt=1232","ext41": "src=10.0.0.1 dst=2.1.2.2 spt=1232","ext9": "src=10.0.0.1 dst=2.1.2.2 spt=1232"}
    } ]
    }
    }

    各位可以看到,在Extension後方會有不定量的ext欄位(實際上開發時不只ext),有時有三個,有時有一個,甚至十個。
    目前我解析的方式是
    decoded = json_decode($json); //decode json
    $results = $decoded->hits->hits;
    foreach ($results as $item) {
    $id = $item->_id; //get the id
    $version = $item->_source->version; // get the version
    $user = $item->_source->user; // get the user
    $device_vendor = $item->_source->deviceVendor; // get the device_vendor
    $device_product = $item->_source->deviceProduct; // get the device_product
    $device_version = $item->_source->deviceVersion; // get the device_version
    $signature_id = $item->_source->signatureId; // get the signature_id
    $description = $item->_source->name; // get the description
    $severity = $item->_source->severity; // get the severity
    $extension = $item->_source->extension; // get the extension

    }

    這樣子的寫法可以清楚的去撈出我需求的資料,前提是我知道回傳的欄位是什麼。
    那像現在無法預測欄位的情形,只能去遍歷整個json,但我不知道該如何下手,希望各位先進指點一下。
    感謝!
    2 条回复    2014-12-18 21:11:07 +08:00
    kslr
        1
    kslr  
       2014-12-18 18:09:56 +08:00
    json_decode 的第二个参数是设置是否返回数组
    设置后直接获得父数组然后遍历
    s884812
        2
    s884812  
    OP
       2014-12-18 21:11:07 +08:00
    @kslr 有沒有實際的作法呢?
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2590 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 22ms · UTC 10:36 · PVG 18:36 · LAX 02:36 · JFK 05:36
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.