PHP 解析 ElasticSearch 的 json 方法,有關遍歷所有 json 元素。
s884812 · 2014-12-18 17:35:01 +08:00 · 2754 次点击这是一个创建于 3423 天前的主题,其中的信息可能已经有所发展或是发生改变。
大家好。
小弟在開發工作遇到一個困難點。
以下是eleasticsearch返回的json資料:
{
"took" : 12,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 8,
"max_score" : 2.6739764,
"hits" : [ {
"_index" : "cef",
"_type" : "alert",
"_id" : "6",
"_score" : 2.6739764,
"_source":{
"user": "dean",
"version": "0",
"device_vendor": "security",
"device_product": "threatmanager",
"device_version": "1.0",
"signature_id": "100",
"description": "worm successfully stopped",
"severity": "10",
"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "5",
"_score" : 2.3862944,
"_source":{
"user": "dean",
"version": "0",
"device_vendor": "security",
"device_product": "threatmanager",
"device_version": "1.0",
"signature_id": "100",
"description": "worm successfully stopped",
"severity": "10",
"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232",
"ext1": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "AUpMu6M4z71lXPfoDG1F",
"_score" : 2.098612,
"_source":{"user":"dean","version":"0","device_vendor":"security","device_product":"threatmanager","device_version": "1.0","signature_id":"100","description":"worm successfully stopped","severity":"10","extension":"src=10.0.0.1 dst=2.1.2.2 spt=1333","ext4": "src=10.0.0.1 dst=2.1.2.2 spt=1232","ext6": "src=10.0.0.1 dst=2.1.2.2 spt=1232"}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "AUpMxKDDz71lXPfoDG1G",
"_score" : 2.098612,
"_source":{"user":"dean","version":"0","device_vendor":"security","device_product":"threatmanager","device_version": "1.0","signature_id":"100","description":"worm successfully stopped","severity":"10","extension":"src=10.0.0.1 dst=2.1.2.2 spt=1333","ext2": "src=10.0.0.1 dst=2.1.2.2 spt=1232"}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "4",
"_score" : 2.098612,
"_source":{
"user": "dean",
"version": "0",
"device_vendor": "security",
"device_product": "threatmanager",
"device_version": "1.0",
"signature_id": "100",
"description": "worm successfully stopped",
"severity": "10",
"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232",
"ext62": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "3",
"_score" : 2.098612,
"_source":{
"user": "dean",
"version": "0",
"device_vendor": "security",
"device_product": "threatmanager",
"device_version": "1.0",
"signature_id": "100",
"description": "worm successfully stopped",
"severity": "10",
"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232",
"ext10": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "2",
"_score" : 1.5108256,
"_source":{
"user": "dean",
"version": "0",
"device_vendor": "security",
"device_product": "threatmanager",
"device_version": "1.0",
"signature_id": "100",
"description": "worm successfully stopped",
"severity": "10",
"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
"ext7": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "AUpMuF-Pz71lXPfoDG1E",
"_score" : 1.5108256,
"_source":{"user":"dean","version":"0","device_vendor":"security","device_product":"threatmanager","device_version": "1.0","signature_id":"100","description":"worm successfully stopped","severity":"10","extension":"src=10.0.0.1 dst=2.1.2.2 spt=1232","ext19": "src=10.0.0.1 dst=2.1.2.2 spt=1232","ext41": "src=10.0.0.1 dst=2.1.2.2 spt=1232","ext9": "src=10.0.0.1 dst=2.1.2.2 spt=1232"}
} ]
}
}
各位可以看到,在Extension後方會有不定量的ext欄位(實際上開發時不只ext),有時有三個,有時有一個,甚至十個。
目前我解析的方式是
decoded = json_decode($json); //decode json
$results = $decoded->hits->hits;
foreach ($results as $item) {
$id = $item->_id; //get the id
$version = $item->_source->version; // get the version
$user = $item->_source->user; // get the user
$device_vendor = $item->_source->deviceVendor; // get the device_vendor
$device_product = $item->_source->deviceProduct; // get the device_product
$device_version = $item->_source->deviceVersion; // get the device_version
$signature_id = $item->_source->signatureId; // get the signature_id
$description = $item->_source->name; // get the description
$severity = $item->_source->severity; // get the severity
$extension = $item->_source->extension; // get the extension
}
這樣子的寫法可以清楚的去撈出我需求的資料,前提是我知道回傳的欄位是什麼。
那像現在無法預測欄位的情形,只能去遍歷整個json,但我不知道該如何下手,希望各位先進指點一下。
感謝!
小弟在開發工作遇到一個困難點。
以下是eleasticsearch返回的json資料:
{
"took" : 12,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 8,
"max_score" : 2.6739764,
"hits" : [ {
"_index" : "cef",
"_type" : "alert",
"_id" : "6",
"_score" : 2.6739764,
"_source":{
"user": "dean",
"version": "0",
"device_vendor": "security",
"device_product": "threatmanager",
"device_version": "1.0",
"signature_id": "100",
"description": "worm successfully stopped",
"severity": "10",
"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "5",
"_score" : 2.3862944,
"_source":{
"user": "dean",
"version": "0",
"device_vendor": "security",
"device_product": "threatmanager",
"device_version": "1.0",
"signature_id": "100",
"description": "worm successfully stopped",
"severity": "10",
"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232",
"ext1": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "AUpMu6M4z71lXPfoDG1F",
"_score" : 2.098612,
"_source":{"user":"dean","version":"0","device_vendor":"security","device_product":"threatmanager","device_version": "1.0","signature_id":"100","description":"worm successfully stopped","severity":"10","extension":"src=10.0.0.1 dst=2.1.2.2 spt=1333","ext4": "src=10.0.0.1 dst=2.1.2.2 spt=1232","ext6": "src=10.0.0.1 dst=2.1.2.2 spt=1232"}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "AUpMxKDDz71lXPfoDG1G",
"_score" : 2.098612,
"_source":{"user":"dean","version":"0","device_vendor":"security","device_product":"threatmanager","device_version": "1.0","signature_id":"100","description":"worm successfully stopped","severity":"10","extension":"src=10.0.0.1 dst=2.1.2.2 spt=1333","ext2": "src=10.0.0.1 dst=2.1.2.2 spt=1232"}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "4",
"_score" : 2.098612,
"_source":{
"user": "dean",
"version": "0",
"device_vendor": "security",
"device_product": "threatmanager",
"device_version": "1.0",
"signature_id": "100",
"description": "worm successfully stopped",
"severity": "10",
"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232",
"ext62": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "3",
"_score" : 2.098612,
"_source":{
"user": "dean",
"version": "0",
"device_vendor": "security",
"device_product": "threatmanager",
"device_version": "1.0",
"signature_id": "100",
"description": "worm successfully stopped",
"severity": "10",
"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232",
"ext10": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "2",
"_score" : 1.5108256,
"_source":{
"user": "dean",
"version": "0",
"device_vendor": "security",
"device_product": "threatmanager",
"device_version": "1.0",
"signature_id": "100",
"description": "worm successfully stopped",
"severity": "10",
"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
"ext7": "src=10.0.0.1 dst=2.1.2.2 spt=1232"
}
}, {
"_index" : "cef",
"_type" : "alert",
"_id" : "AUpMuF-Pz71lXPfoDG1E",
"_score" : 1.5108256,
"_source":{"user":"dean","version":"0","device_vendor":"security","device_product":"threatmanager","device_version": "1.0","signature_id":"100","description":"worm successfully stopped","severity":"10","extension":"src=10.0.0.1 dst=2.1.2.2 spt=1232","ext19": "src=10.0.0.1 dst=2.1.2.2 spt=1232","ext41": "src=10.0.0.1 dst=2.1.2.2 spt=1232","ext9": "src=10.0.0.1 dst=2.1.2.2 spt=1232"}
} ]
}
}
各位可以看到,在Extension後方會有不定量的ext欄位(實際上開發時不只ext),有時有三個,有時有一個,甚至十個。
目前我解析的方式是
decoded = json_decode($json); //decode json
$results = $decoded->hits->hits;
foreach ($results as $item) {
$id = $item->_id; //get the id
$version = $item->_source->version; // get the version
$user = $item->_source->user; // get the user
$device_vendor = $item->_source->deviceVendor; // get the device_vendor
$device_product = $item->_source->deviceProduct; // get the device_product
$device_version = $item->_source->deviceVersion; // get the device_version
$signature_id = $item->_source->signatureId; // get the signature_id
$description = $item->_source->name; // get the description
$severity = $item->_source->severity; // get the severity
$extension = $item->_source->extension; // get the extension
}
這樣子的寫法可以清楚的去撈出我需求的資料,前提是我知道回傳的欄位是什麼。
那像現在無法預測欄位的情形,只能去遍歷整個json,但我不知道該如何下手,希望各位先進指點一下。
感謝!
 |
1
kslr 2014-12-18 18:09:56 +08:00
json_decode 的第二个参数是设置是否返回数组
设置后直接获得父数组然后遍历 |
Select Language