对电脑日志复杂的键值对提取每个json数据不一样要求通用脚本模板

_source
"{'@timestamp': '2020-09-21T00:46:21.676Z', 'service': {'type': 'system'}, 'ecs': {'version': '1.5.0'}, 'host': {'name': 'DESKTOP-B8KO4F2'}, 'agent': {'type': 'auditbeat', 'version': '7.8.0', 'hostname': 'DESKTOP-B8KO4F2', 'ephemeral_id': '4e9babb5-fe64-492c-bfee-60bc48d5ecbb', 'id': '6c8b1fa8-661a-4cd7-a982-6a5104deb6e7', 'name': 'DESKTOP-B8KO4F2'}, 'event': {'kind': 'event', 'category': ['process'], 'type': ['start'], 'action': 'process_started', 'module': 'system', 'dataset': 'process'}, 'process': {'args': ['C:\Windows\system32\SearchFilterHost.exe', '0', '736', '740', '748', '8192', '744'], 'pid': 6196, 'start': '2020-09-21T00:46:12.450Z', 'hash': {'sha1': '38998a827eb2e7b4879bc4e8b09de632793e4976'}, 'ppid': 7776, 'working_directory': 'C:\Windows\system32', 'entity_id': 'kOE5rcBfgspO0Juc', 'name': 'SearchFilterHost.exe', 'executable': 'C:\Windows\System32\SearchFilterHost.exe'}, 'message': 'Process SearchFilterHost.exe (PID: 6196) by user NT AUTHORITY\SYSTEM STARTED', 'user': {'group': {'id': 'S-1-5-18'}, 'name': 'NT AUTHORITY\SYSTEM', 'id': 'S-1-5-18'}}"

可以遍历每个日志读取成字符串进行处理，单个可这样：

import pandas as pd
d=eval(s)
df=pd.DataFrame(d)
print(df)

如有帮助，请点采纳。

import pandas as pd

df = pd.DataFrame({'@timestamp': '2020-09-21T00:46:21.676Z', 'service': {'type': 'system'}, 'ecs': {'version': '1.5.0'}, 'host': {'name': 'DESKTOP-B8KO4F2'}, 'agent': {'type': 'auditbeat', 'version': '7.8.0', 'hostname': 'DESKTOP-B8KO4F2', 'ephemeral_id': '4e9babb5-fe64-492c-bfee-60bc48d5ecbb', 'id': '6c8b1fa8-661a-4cd7-a982-6a5104deb6e7', 'name': 'DESKTOP-B8KO4F2'}, 'event': {'kind': 'event', 'category': ['process'], 'type': ['start'], 'action': 'process_started', 'module': 'system', 'dataset': 'process'}, 'process': {'args': ['C:\\Windows\\system32\\SearchFilterHost.exe', '0', '736', '740', '748', '8192', '744'], 'pid': 6196, 'start': '2020-09-21T00:46:12.450Z', 'hash': {'sha1': '38998a827eb2e7b4879bc4e8b09de632793e4976'}, 'ppid': 7776, 'working_directory': 'C:\\Windows\\system32', 'entity_id': 'kOE5rcBfgspO0Juc', 'name': 'SearchFilterHost.exe', 'executable': 'C:\\Windows\\System32\\SearchFilterHost.exe'}, 'message': 'Process SearchFilterHost.exe (PID: 6196) by user NT AUTHORITY\\SYSTEM STARTED', 'user': {'group': {'id': 'S-1-5-18'}, 'name': 'NT AUTHORITY\\SYSTEM', 'id': 'S-1-5-18'}})

df

	@timestamp	service	ecs	host	agent	event	process	message	user
type	2020-09-21T00:46:21.676Z	system	NaN	NaN	auditbeat	[start]	NaN	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
version	2020-09-21T00:46:21.676Z	NaN	1.5.0	NaN	7.8.0	NaN	NaN	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
name	2020-09-21T00:46:21.676Z	NaN	NaN	DESKTOP-B8KO4F2	DESKTOP-B8KO4F2	NaN	SearchFilterHost.exe	Process SearchFilterHost.exe (PID: 6196) by us...	NT AUTHORITY\SYSTEM
hostname	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	DESKTOP-B8KO4F2	NaN	NaN	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
ephemeral_id	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	4e9babb5-fe64-492c-bfee-60bc48d5ecbb	NaN	NaN	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
id	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	6c8b1fa8-661a-4cd7-a982-6a5104deb6e7	NaN	NaN	Process SearchFilterHost.exe (PID: 6196) by us...	S-1-5-18
kind	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	event	NaN	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
category	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	[process]	NaN	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
action	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	process_started	NaN	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
module	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	system	NaN	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
dataset	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	process	NaN	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
args	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	NaN	[C:\Windows\system32\SearchFilterHost.exe, 0, ...	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
pid	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	NaN	6196	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
start	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	NaN	2020-09-21T00:46:12.450Z	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
hash	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	NaN	{'sha1': '38998a827eb2e7b4879bc4e8b09de632793e...	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
ppid	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	NaN	7776	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
working_directory	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	NaN	C:\Windows\system32	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
entity_id	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	NaN	kOE5rcBfgspO0Juc	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
executable	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	NaN	C:\Windows\System32\SearchFilterHost.exe	Process SearchFilterHost.exe (PID: 6196) by us...	NaN
group	2020-09-21T00:46:21.676Z	NaN	NaN	NaN	NaN	NaN	NaN	Process SearchFilterHost.exe (PID: 6196) by us...	{'id': 'S-1-5-18'}

df.process

type                                                               NaN
version                                                            NaN
name                                              SearchFilterHost.exe
hostname                                                           NaN
ephemeral_id                                                       NaN
id                                                                 NaN
kind                                                               NaN
category                                                           NaN
action                                                             NaN
module                                                             NaN
dataset                                                            NaN
args                 [C:\Windows\system32\SearchFilterHost.exe, 0, ...
pid                                                               6196
start                                         2020-09-21T00:46:12.450Z
hash                 {'sha1': '38998a827eb2e7b4879bc4e8b09de632793e...
ppid                                                              7776
working_directory                                  C:\Windows\system32
entity_id                                             kOE5rcBfgspO0Juc
executable                    C:\Windows\System32\SearchFilterHost.exe
group                                                              NaN
Name: process, dtype: object

for  item in df.process:
    print(item)

nan
nan
SearchFilterHost.exe
nan
nan
nan
nan
nan
nan
nan
nan
['C:\\Windows\\system32\\SearchFilterHost.exe', '0', '736', '740', '748', '8192', '744']
6196
2020-09-21T00:46:12.450Z
{'sha1': '38998a827eb2e7b4879bc4e8b09de632793e4976'}
7776
C:\Windows\system32
kOE5rcBfgspO0Juc
C:\Windows\System32\SearchFilterHost.exe
nan

对电脑日志复杂的键值对提取 每个json数据不一样要求通用脚本模板

对电脑日志复杂的键值对提取每个json数据不一样要求通用脚本模板