PHP 解析 ElasticSearch 的 json 方法，有關遍歷所有 json 元素-白红宇

PHP 解析 ElasticSearch 的 json 方法，有關遍歷所有 json 元素

阅读量：7016 次

发布时间：2019-06-28

本文共 4334 字，大约阅读时间需要 14 分钟。

以下是eleasticsearch返回的json資料：

{

"took" : 12,

"timed_out" : false,

"_shards" : {

"total" : 5,

"successful" : 5,

"failed" : 0

"hits" : {

"total" : 8,

"max_score" : 2.6739764,

"hits" : [ {

"_index" : "cef",

"_type" : "alert",

"_id" : "6",

"_score" : 2.6739764,

"_source":{

"user": "dean",

"version": "0",

"device_vendor": "security",

"device_product": "threatmanager",

"device_version": "1.0",

"signature_id": "100",

"description": "worm successfully stopped",

"severity": "10",

"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232"

}

}, {

"_index" : "cef",

"_type" : "alert",

"_id" : "5",

"_score" : 2.3862944,

"_source":{

"user": "dean",

"version": "0",

"device_vendor": "security",

"device_product": "threatmanager",

"device_version": "1.0",

"signature_id": "100",

"description": "worm successfully stopped",

"severity": "10",

"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232",

"ext1": "src=10.0.0.1 dst=2.1.2.2 spt=1232"

}

}, {

"_index" : "cef",

"_type" : "alert",

"_id" : "AUpMu6M4z71lXPfoDG1F",

"_score" : 2.098612,

"_source":{"user":"dean","version":"0","device_vendor":"security","device_product":"threatmanager","device_version": "1.0","signature_id":"100","description":"worm successfully stopped","severity":"10","extension":"src=10.0.0.1 dst=2.1.2.2 spt=1333","ext4": "src=10.0.0.1 dst=2.1.2.2 spt=1232","ext6": "src=10.0.0.1 dst=2.1.2.2 spt=1232"}

}, {

"_index" : "cef",

"_type" : "alert",

"_id" : "AUpMxKDDz71lXPfoDG1G",

"_score" : 2.098612,

}, {

"_index" : "cef",

"_type" : "alert",

"_id" : "4",

"_score" : 2.098612,

"_source":{

"user": "dean",

"version": "0",

"device_vendor": "security",

"device_product": "threatmanager",

"device_version": "1.0",

"signature_id": "100",

"description": "worm successfully stopped",

"severity": "10",

"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232",

"ext62": "src=10.0.0.1 dst=2.1.2.2 spt=1232"

}

}, {

"_index" : "cef",

"_type" : "alert",

"_id" : "3",

"_score" : 2.098612,

"_source":{

"user": "dean",

"version": "0",

"device_vendor": "security",

"device_product": "threatmanager",

"device_version": "1.0",

"signature_id": "100",

"description": "worm successfully stopped",

"severity": "10",

"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232",

"ext10": "src=10.0.0.1 dst=2.1.2.2 spt=1232"

}

}, {

"_index" : "cef",

"_type" : "alert",

"_id" : "2",

"_score" : 1.5108256,

"_source":{

"user": "dean",

"version": "0",

"device_vendor": "security",

"device_product": "threatmanager",

"device_version": "1.0",

"signature_id": "100",

"description": "worm successfully stopped",

"severity": "10",

"extension": "src=10.0.0.1 dst=2.1.2.2 spt=1232"

"ext7": "src=10.0.0.1 dst=2.1.2.2 spt=1232"

}

}, {

"_index" : "cef",

"_type" : "alert",

"_id" : "AUpMuF-Pz71lXPfoDG1E",

"_score" : 1.5108256,

"_source":{"user":"dean","version":"0","device_vendor":"security","device_product":"threatmanager","device_version": "1.0","signature_id":"100","description":"worm successfully stopped","severity":"10","extension":"src=10.0.0.1 dst=2.1.2.2 spt=1232","ext19": "src=10.0.0.1 dst=2.1.2.2 spt=1232","ext41": "src=10.0.0.1 dst=2.1.2.2 spt=1232","ext9": "src=10.0.0.1 dst=2.1.2.2 spt=1232"}

} ]

}

各位可以看到，在Extension後方會有不定量的ext欄位（實際上開發時不只ext），有時有三個，有時有一個，甚至十個。

目前我解析的方式是

decoded = json_decode($json); //decode json

$results = $decoded->hits->hits;

foreach ($results as $item) {

$id = $item->_id; //get the id

$version = $item->_source->version; // get the version

$user = $item->_source->user; // get the user

$device_vendor = $item->_source->deviceVendor; // get the device_vendor

$device_product = $item->_source->deviceProduct; // get the device_product