-1

我目前正在使用 json 文件中的 netflow 数据。我的工作是解析 json 文件并对其中的数据执行特定操作。这样做之后,我将创建一个新文件并将每个新更新的 json 对象添加到其中。发生的事情是他们都在同一条线上。有没有办法让每个 json 对象/行到不同的行?给我的原始文件也是这样,只是看起来更整洁。谢谢!

编辑:

我想要的是:

    {"@timestamp":"2015-05-18T19:26:13.000Z","netflow":{"version":"9","flow_seq_num":"188189","flowset_id":"257","last_switched":"2015-05-15T14:28:01.999Z","first_switched":"2015-05-15T14:27:37.999Z","in_bytes":"4800","in_pkts":"2","input_snmp":"5","output_snmp":"4","ipv4_src_addr":"10.10.1.4","ipv4_dst_addr":"192.1.44.182","protocol":"6","src_tos":"2","dst_tos":"0","l4_src_port":"443","l4_dst_port":"12080","flow_sampler_id":"0","ipv4_next_hop":"10.10.1.5","dst_mask":"37","src_mask":"21","tcp_flags":"27","direction":"1"},"@version":"1","host":"192.168.19.202","src_host_name":"","dst_host_name":"","app_name":"","tcp_flags_str":"","dscp":"","highval":"","src_blacklisted":"0","dst_blacklisted":"0","invalid_ToS":"0","bytes_per_packet":2400,"tcp_nominal_payload":"0","malformed_ip":"0","empty_tcp":"0","short_tcp_handshake":"0","icmp_malformed_packets":"0","snort_attack_flow":"0","empty_udp":"0","short_udp":"0","short_tcp_rstack":"0","short_tcp_pansf":"0","short_tcp_synack":"0","short_tcp_synrst":"0","short_tcp_finack":"0","short_tcp_pna":"0","non_unicast_src":"0","multicast":"0","broadcast":"0","network":"0","tcp_urg":"0","land_attack":"0","short_tcp_ack":"0","tcp_synfin":"0","tcp_fin":"0","malformed_tcp":"1","tcp_xmas":"0","udp_echo_req":"0","tcp_null":"0","tcp_syn":"0","malformed_udp":"0","tcp_rst":"0","icmp_request":"0","icmp_response":"0","icmp_port_unreachable":"0","icmp_host_unreachable":"0","icmp_unreachable_for_Tos":"0","icmp_network_unreachable":"0","icmp_redirects":"0","icmp_time_exceeded_flows":"0","icmp_parameter_problem_flows":"0","icmp_trace_route":"0","icmp_datagram":"0","udp_echo_chargen_broadcast":"0","udp_chargen_echo_broadcast":"0","icmp_src_quench":"0","icmp_proto_unreachable":"0","udp_echo_broadcast":"0","udp_echo_rsp":"0", "hi": 10}
    {"@timestamp":"2015-05-18T19:26:13.000Z","netflow":{"version":"9","flow_seq_num":"188189","flowset_id":"257","last_switched":"2015-05-15T14:28:01.999Z","first_switched":"2015-05-15T14:27:37.999Z","in_bytes":"77","in_pkts":"2","input_snmp":"7","output_snmp":"2","ipv4_src_addr":"192.1.44.179","ipv4_dst_addr":"10.10.1.8","protocol":"6","src_tos":"0","dst_tos":"2","l4_src_port":"12192","l4_dst_port":"443","flow_sampler_id":"0","ipv4_next_hop":"10.10.1.7","dst_mask":"12","src_mask":"37","tcp_flags":"24","direction":"0"},"@version":"1","host":"192.168.19.202","src_host_name":"","dst_host_name":"","app_name":"","tcp_flags_str":"","dscp":"","highval":"","src_blacklisted":"0","dst_blacklisted":"0","invalid_ToS":"0","bytes_per_packet":38,"tcp_nominal_payload":"0","malformed_ip":"0","empty_tcp":"0","short_tcp_handshake":"0","icmp_malformed_packets":"0","snort_attack_flow":"0","empty_udp":"0","short_udp":"0","short_tcp_rstack":"0","short_tcp_pansf":"0","short_tcp_synack":"0","short_tcp_synrst":"0","short_tcp_finack":"0","short_tcp_pna":"0","non_unicast_src":"0","multicast":"0","broadcast":"0","network":"0","tcp_urg":"0","land_attack":"0","short_tcp_ack":"0","tcp_synfin":"0","tcp_fin":"0","malformed_tcp":"1","tcp_xmas":"0","udp_echo_req":"0","tcp_null":"0","tcp_syn":"0","malformed_udp":"0","tcp_rst":"0","icmp_request":"0","icmp_response":"0","icmp_port_unreachable":"0","icmp_host_unreachable":"0","icmp_unreachable_for_Tos":"0","icmp_network_unreachable":"0","icmp_redirects":"0","icmp_time_exceeded_flows":"0","icmp_parameter_problem_flows":"0","icmp_trace_route":"0","icmp_datagram":"0","udp_echo_chargen_broadcast":"0","udp_chargen_echo_broadcast":"0","icmp_src_quench":"0","icmp_proto_unreachable":"0","udp_echo_broadcast":"0","udp_echo_rsp":"0", "yes":10}
    {"@timestamp":"2015-05-18T19:59:59.000Z","netflow":{"version":"9","flow_seq_num":"189654","flowset_id":"257","last_switched":"2015-05-15T14:25:09.999Z","first_switched":"2015-05-15T14:24:45.999Z","in_bytes":"8400","in_pkts":"1","input_snmp":"7","output_snmp":"2","ipv4_src_addr":"10.10.1.2","ipv4_dst_addr":"192.1.109.32","protocol":"6","src_tos":"2","dst_tos":"0","l4_src_port":"443","l4_dst_port":"12816","flow_sampler_id":"0","ipv4_next_hop":"10.10.1.3","dst_mask":"45","src_mask":"3","tcp_flags":"19","direction":"1"},"@version":"1","host":"192.168.19.202","src_host_name":"","dst_host_name":"","app_name":"","tcp_flags_str":"","dscp":"","highval":"","src_blacklisted":"0","dst_blacklisted":"0","invalid_ToS":"0","bytes_per_packet":8400,"tcp_nominal_payload":"0","malformed_ip":"0","empty_tcp":"0","short_tcp_handshake":"0","icmp_malformed_packets":"0","snort_attack_flow":"0","empty_udp":"0","short_udp":"0","short_tcp_rstack":"0","short_tcp_pansf":"0","short_tcp_synack":"0","short_tcp_synrst":"0","short_tcp_finack":"0","short_tcp_pna":"0","non_unicast_src":"0","multicast":"0","broadcast":"0","network":"0","tcp_urg":"0","land_attack":"0","short_tcp_ack":"0","tcp_synfin":"0","tcp_fin":"0","malformed_tcp":"1","tcp_xmas":"0","udp_echo_req":"0","tcp_null":"0","tcp_syn":"0","malformed_udp":"0","tcp_rst":"0","icmp_request":"0","icmp_response":"0","icmp_port_unreachable":"0","icmp_host_unreachable":"0","icmp_unreachable_for_Tos":"0","icmp_network_unreachable":"0","icmp_redirects":"0","icmp_time_exceeded_flows":"0","icmp_parameter_problem_flows":"0","icmp_trace_route":"0","icmp_datagram":"0","udp_echo_chargen_broadcast":"0","udp_chargen_echo_broadcast":"0","icmp_src_quench":"0","icmp_proto_unreachable":"0","udp_echo_broadcast":"0","udp_echo_rsp":"0", "no":10}
    {"@timestamp":"2015-05-18T19:33:58.000Z","netflow":{"version":"9","flow_seq_num":"188525","flowset_id":"257","last_switched":"2015-05-15T14:27:22.999Z","first_switched":"2015-05-15T14:26:58.999Z","in_bytes":"8300","in_pkts":"2","input_snmp":"3","output_snmp":"6","ipv4_src_addr":"10.10.1.6","ipv4_dst_addr":"192.1.59.124","protocol":"6","src_tos":"2","dst_tos":"0","l4_src_port":"80","l4_dst_port":"12660","flow_sampler_id":"0","ipv4_next_hop":"10.10.1.4","dst_mask":"28","src_mask":"13","tcp_flags":"19","direction":"1"},"@version":"1","host":"192.168.19.202","src_host_name":"","dst_host_name":"","app_name":"","tcp_flags_str":"","dscp":"","highval":"","src_blacklisted":"0","dst_blacklisted":"0","invalid_ToS":"0","bytes_per_packet":4150,"tcp_nominal_payload":"0","malformed_ip":"0","empty_tcp":"0","short_tcp_handshake":"0","icmp_malformed_packets":"0","snort_attack_flow":"0","empty_udp":"0","short_udp":"0","short_tcp_rstack":"0","short_tcp_pansf":"0","short_tcp_synack":"0","short_tcp_synrst":"0","short_tcp_finack":"0","short_tcp_pna":"0","non_unicast_src":"0","multicast":"0","broadcast":"0","network":"0","tcp_urg":"0","land_attack":"0","short_tcp_ack":"0","tcp_synfin":"0","tcp_fin":"0","malformed_tcp":"1","tcp_xmas":"0","udp_echo_req":"0","tcp_null":"0","tcp_syn":"0","malformed_udp":"0","tcp_rst":"0","icmp_request":"0","icmp_response":"0","icmp_port_unreachable":"0","icmp_host_unreachable":"0","icmp_unreachable_for_Tos":"0","icmp_network_unreachable":"0","icmp_redirects":"0","icmp_time_exceeded_flows":"0","icmp_parameter_problem_flows":"0","icmp_trace_route":"0","icmp_datagram":"0","udp_echo_chargen_broadcast":"0","udp_chargen_echo_broadcast":"0","icmp_src_quench":"0","icmp_proto_unreachable":"0","udp_echo_broadcast":"0","udp_echo_rsp":"0", "bye": 10}

目前正在发生的事情:每个 JSON 对象不是在单独的行上,而是一个接一个(所以当你打开它来阅读它时,它是一个大行)。我希望它像上面一样逐行分隔。我会显示当前的输出,但我已经超出了我的字符数限制。

希望这可以帮助!

4

2 回答 2

0

没有你的代码很难确切知道你的问题是什么,但我猜你想使用json.dumps.

来自文档的示例用法:

>>> import json
>>> print json.dumps({'4': 5, '6': 7},
...                  indent=4, separators=(',', ': '))
{
    "4": 5,
    "6": 7
}

在您的示例中,这看起来像这样:

data = [{"@timestamp":"2015-05-18T19:26:13.000Z","netflow":{"version":"9"}},{"@timestamp":"2015-05-18T19:26:13.000Z","netflow":{"version":"9"}}]

with open("test.json", "w"):
    json.dumps(data, indent=1)

# test.json
[
 {
  "@timestamp": "2015-05-18T19:26:13.000Z",
  "netflow": {
   "version": "9"
  }
 },
 {
  "@timestamp": "2015-05-18T19:26:13.000Z",
  "netflow": {
   "version": "9"
  }
 }
]

编辑:如果您希望每个 json-object 在自己的行上,您可以使用:

with open("test.json", "w+") as f:
    for line in data:
        f.write(str(line) + "\n")

#test.json
{'@timestamp': '2015-05-18T19:26:13.000Z', 'netflow': {'version': '9'}}
{'@timestamp': '2015-05-18T19:26:13.000Z', 'netflow': {'version': '9'}}

请注意,这不是有效的 json,因为它们必须在数组中。您可能还想将'-quotes替换为"-quotes。这可以做到.replace("'", '"')

于 2015-06-03T17:41:59.883 回答
0

You can use pretty-print library.

import pprint

beautify = {"@timestamp":"2015-05-18T19:26:13.000Z......."} #Your Input
pp = pprint.PrettyPrinter(indent=4)
pp.pprint(beautify)
于 2015-06-03T17:58:59.480 回答