How can I extract multiple items and keep them as one json structure
I have an example JSON
{
  "reason": "TCP FINs",
  "bytes": "1759",
  "duration": "0:00:00",
  "dest": {
    "interface": "inside",
    "ip": "192.168.2.2",
    "port": "88"
  },
  "source": {
    "interface": "outside",
    "ip": "10.1.5.1",
    "port": "60470"
  },
  "connection-id": "400508768",
  "proto": "TCP",
  "hostname": "192.168.1.1",
  "timestamp": "Apr 28 13:00:01",
  "event.tags": [ "cisco", "ASA-6-302014" ]
}
I want to extract the source and dest parts, but as one object.
{
  "dest": {
    "interface": "inside",
    "ip": "192.168.2.2",
    "port": "88"
  },
  "source": {
    "interface": "outside",
    "ip": "10.1.5.1",
    "port": "60470"
  }
}
If I run jq '.source,.dest' then I get two different objects
"dest": {
  "interface": "inside",
  "ip": "192.168.2.2",
  "port": "88"
}
"source": {
  "interface": "outside",
  "ip": "10.1.5.1",
  "port": "60470"
}
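It is more obvious if you use -c, because they come out as two separate lines.
As a more advanced stage, I would like to be able to get only part of them (the IP addresses) without the other data, but still as one object
{
  "dest": {
    "ip": "192.168.2.2"
  },
  "source": {
    "ip": "10.1.5.1"
  }
}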
Try this:
jq '{ "dest": .dest, "source": .source }'
Or, for your final form:
jq '{ "dest": { "ip": .dest.ip }, "source": { "ip": .source.ip } }'
Output:
{
  "dest": {
    "ip": "192.168.2.2"
  },
  "source": {
    "ip": "10.1.5.1"
  }
}
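The same projection applied to a stream of events, as an added example that is not part of the original question or answer. It uses jq's `{dest, source}` shorthand and goes one step beyond the answer by dropping an endpoint that is absent from a record instead of emitting `{"ip": null}`; the sample events and the function names `sample_events`, `endpoints` and `endpoint_ips` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. The events below are constructed, in the shape of the
# record from the question, one JSON object per line. The second event
# has no "dest" object, to show how a missing field behaves.
sample_events() {
  cat <<'EOF'
{"reason":"TCP FINs","dest":{"interface":"inside","ip":"192.168.2.2","port":"88"},"source":{"interface":"outside","ip":"10.1.5.1","port":"60470"},"proto":"TCP"}
{"reason":"TCP Reset-O","source":{"interface":"outside","ip":"10.1.5.7","port":"51000"},"proto":"TCP"}
EOF
}

# Whole endpoints as ONE object per event.
# {dest, source} is shorthand for {"dest": .dest, "source": .source};
# a missing endpoint shows up as null.
endpoints() {
  jq -c '{dest, source}'
}

# Only the IP of each endpoint, still one object per event.
# with_entries walks the dest/source pairs: select() drops endpoints that
# are absent (null), then each remaining value is reduced to {"ip": .ip}.
endpoint_ips() {
  jq -c '{dest, source}
         | with_entries(select(.value != null) | .value |= {ip})'
}

# Run "script.sh --demo" to print the projected sample events.
if [ "${1:-}" = "--demo" ]; then
  sample_events | endpoint_ips
fi
```

Because each input event yields exactly one output line under `-c`, the result can be counted or grouped per connection with ordinary line-oriented tools.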