Regular expression to split two events in JSON file

Question

I have one JSON log file and I am looking for a regex to split the events within it. I have written one regex but it is reading all events as one group.

Log file:

[ {
   "name" : "CounterpartyNotional",
   "type" : "RiskBreakdown",
   "duration" : 20848,
   "count" : 1,
   "average" : 20848.0
 }, {
   "name" : "CounterpartyPreSettlement",
   "type" : "RiskBreakdown",
   "duration" : 15370,
   "count" : 1,
   "average" : 15370.0
 } ]
 [ {
   "name" : "TraderCurrency",
   "type" : "Formula",
   "duration" : 344,
   "count" : 1,
   "average" : 344.0
 } ]

PS: I will be using this regex for a Splunk tool.

Answer 1

Your regex does not read all events together. In the line above the regex (on the linked page) there is written "2 matches", which means your regex has split the log, but you must know how to iterate through the matches (i.e. the events) in the language which runs the regex matching.

For example in Python 3 (If you don't mind I simplify the regex):

import re

log = """[ {
   "name" : "CounterpartyNotional",
   "type" : "RiskBreakdown",
   "duration" : 20848,
   "count" : 1,
   "average" : 20848.0
 }, {
   "name" : "CounterpartyPreSettlement",
   "type" : "RiskBreakdown",
   "duration" : 15370,
   "count" : 1,
   "average" : 15370.0
 } ]
 [ {
   "name" : "TraderCurrency",
   "type" : "Formula",
   "duration" : 344,
   "count" : 1,
   "average" : 344.0
 } ]"""

event =  re.compile(r'{[^}]*?"RiskBreakdown"[^}]*}')
matches =  event.findall(log)
print(matches)

And yes, it is true, this is not valid JSON, but on the linked page it is OK, so maybe it's a typo.