How to remove events from archive file

[ismailctest C]

Hi Team,

How to remove particular events or lines from archive.json

Eg:

I want to delete the below logs from archive.json file.

{"timestamp":"2022-10-17T10:49:58.834+0000","agent":{"id":"000","name":"prod--wazuhmanager-collector.server"},"manager":{"name":"prod-wazuhmanager-collector.server"},"id":"1666003798.1448496990","full_log":"2022-07-28 06:50:06 UTC:10.60.244.180(36618):fx_db_writer@fx_appdb:[6171]:WARNING:  skipping \"fx_report_measurement_usp_v3_p2022_04\" --- only table or database owner can analyze it","decoder":{"name":"windows-date-format"},"location":"Wazuh-AWS"}

[Andres Micalizzi]

Hi ismail,

You could manage this with a simple python script that would open the json file, for each line match it to what ever you are looking for. When a line does not match you write it into the file again. It would go something along this lines:

YOUR_SEARCH_STRING = whatever string you want to use to remove the json.

with open("archive.json", "r") as f: lines = f.readlines() 

     f: lines = f.readlines()

with open("archive.json", "w") as:

    for line in lines:

        if YOUR_SEARCH_STRING not in line:

            f.write(line)

You can use a regex as your search string that can match whatever particular details you are looking for in the json file.

I hope this answers your question.

Cheers.