I have a json file which I am trying to use make a system relevant if there is this value in the /opt/msclient/setting.json file - “PullIntervalInMins”: “60”,
I have tried these -
Q: exists lines whose (it contains ““PullIntervalInMins”: “60”,”) of file "/opt/adb-agent/appsettings.json"
E: The operator “pullintervalinmins” is not defined.
Q: exists lines whose (it contains “‘PullIntervalInMins’: “60”,”) of file "/opt/adb-agent/appsettings.json"
E: This expression could not be parsed.
Q: exists lines whose (it contains “‘PullIntervalInMins’: “60”,”) of file "/opt/adb-agent/appsettings.json"
E: This expression could not be parsed.
Q: exists lines whose (it contains “PullIntervalInMins: “60”,”) of file "/opt/adb-agent/appsettings.json"
E: This expression could not be parsed.
The last one shows false but it should be true so I know that isn’t working either. What do I need to do to overcome the quotes or is there a better method to look for a specific line in a json file. I want to replace it the 60 with 30. This is a Linux server so I was going to just create a one-liner with sed to replace unless there is a better more effective way with BigFix but need to get the relevance working to filter out my endpoints with that value.
There are also a couple of working examples in this thread at Json inspector question
One common hangup I see with JSON parsing is when one expects it to behave like Registry inspectors. Bear in mind that we don’t retrieve key "X" of key "Y" of jsons of files "/tmp/test.json" , instead we retrieve key "X" of value of key "Y" of jsons
Should be True but showing False -
Q: exists values whose (it as integer = 60) of keys “PullIntervalInMins” of jsons of files “/opt/adb-agent/appsettings.json”
A: False
T: 3270
In building a test for this, I had to remove the trailing comma at the end of the last value (otherwise it’s invalid JSON).
I found that we can’t cast a JSON value to integer directly, we have to first cast it to string. Here is the working query along with how I got there for demonstration.
q: exists values whose (it as integer = 60) of keys "PullIntervalInMins" of jsons of files "c:\temp\test2.json"
A: False
T: 5.219 ms
I: singular boolean
q: jsons of files "c:\temp\test2.json"
A: {"AppliedPolicyVersion":"0","LogFileName":"adb-agent.log","LogPath":"\u002fvar\u002flog\u002f","LoggingLevel":"Info","PullIntervalInMins":"60"}
T: 4.329 ms
I: plural json value
q: keys "PullIntervalInMins" of jsons of files "c:\temp\test2.json"
A: PullIntervalInMins : 60
T: 3.530 ms
I: plural json key
q: values of keys "PullIntervalInMins" of jsons of files "c:\temp\test2.json"
A: 60
T: 2.672 ms
I: plural json value
q: (it as integer) of values of keys "PullIntervalInMins" of jsons of files "c:\temp\test2.json"
E: Singular expression refers to nonexistent object.
q: (it as string as integer) of values of keys "PullIntervalInMins" of jsons of files "c:\temp\test2.json"
A: 60
T: 1.834 ms
I: plural integer
q: exists values whose (it as string as integer = 60) of keys "PullIntervalInMins" of jsons of files "c:\temp\test2.json"
A: True
T: 0.912 ms
I: singular boolean