Handling the optional arrays with jq - json

I am receiving this JSON file that lists one or more records. When there are multiple records, the records are placed in an array; otherwise there is no array. I am trying to extract the sessionKey from the records using jq. Is there a generic way to match both cases?
Sample #1: message with multiple records:
{
"message": {
"header": {
"response": {
"result": "SUCCESS",
"gsbStatus": "PRIMARY"
}
},
"body": {
"bodyContent": {
"type": "history:lstmeetingusageHistoryResponse",
"meetingUsageHistory": [
{
"sessionKey": "1263859083",
"meetingUUID": "603f5595dc8e4c7a9c2esdfsdf494cfae91815",
"confName": "sdfsdf setup for Dsdfdf alerts",
"meetingStartTime": "07/09/2020 14:00:17",
"meetingEndTime": "07/09/2020 15:01:53",
"duration": "62",
"timezone": "GMT-05:00, Central (Chicago)",
"timeZoneID": "7",
"timeZoneWithDST": "Chicago (Central Daylight Time, GMT-05:00)",
"trackingCode": null,
"meetingType": "PRO",
"hostWebExID": "conferenceroom01#abc.com",
"hostName": "test Tech",
"hostEmail": "conferenceroom01#abc.com",
"totalCallInMinutes": "0",
"totalPeopleMinutes": "192",
"totalCallInTollfreeMinutes": "0",
"totalCallOutDomestic": "0",
"totalCallOutInternational": "0",
"totalCallOutInternal": "0",
"totalCallInInternational": "0",
"tollCallInInternational": "0",
"tollfreeCallInInternational": "0",
"totalVoipMinutes": "192",
"userID": "544798712",
"totalParticipants": "4",
"totalParticipantsVoip": "4",
"totalParticipantsCallIn": "0",
"totalParticipantsCallOut": "0",
"confID": "166058947180001507",
"peakAttendee": "4",
"assistService": null
},
{
"sessionKey": "623922696",
"meetingUUID": "503dsfsdfsdfd4280e4a452e03b9c75dce0f26",
"confName": "test Tech's Personal Room",
"meetingStartTime": "06/24/2020 19:21:57",
"meetingEndTime": "06/24/2020 20:11:42",
"duration": "50",
"timezone": "GMT-05:00, Central (Chicago)",
"timeZoneID": "7",
"timeZoneWithDST": "Chicago (Central Daylight Time, GMT-05:00)",
"trackingCode": null,
"meetingType": "PRO",
"hostWebExID": "conferenceroom01#abc.com",
"hostName": "test Tech",
"hostEmail": "conferenceroom01#abc.com",
"totalCallInMinutes": "0",
"totalPeopleMinutes": "100",
"totalCallInTollfreeMinutes": "0",
"totalCallOutDomestic": "0",
"totalCallOutInternational": "0",
"totalCallOutInternal": "0",
"totalCallInInternational": "0",
"tollCallInInternational": "0",
"tollfreeCallInInternational": "0",
"totalVoipMinutes": "100",
"userID": "544798712",
"totalParticipants": "2",
"totalParticipantsVoip": "2",
"totalParticipantsCallIn": "0",
"totalParticipantsCallOut": "0",
"confID": "164945117836245416",
"peakAttendee": "2",
"assistService": null
}
],
"matchingRecords": {
"total": "2",
"returned": "2",
"startFrom": "1"
}
}
}
}
}
Sample #2: message with a single record:
{
"message": {
"header": {
"response": {
"result": "SUCCESS",
"gsbStatus": "PRIMARY"
}
},
"body": {
"bodyContent": {
"type": "history:lstmeetingusageHistoryResponse",
"meetingUsageHistory": {
"sessionKey": "297115075",
"meetingUUID": "sdsadfdsfsfsfdsfsdf",
"confName": "abc's Personal Room",
"meetingStartTime": "07/09/2020 20:58:37",
"meetingEndTime": "07/09/2020 22:38:15",
"duration": "100",
"timezone": "GMT-05:00, Central (Chicago)",
"timeZoneID": "7",
"timeZoneWithDST": "Chicago (Central Daylight Time, GMT-05:00)",
"trackingCode": null,
"meetingType": "PRO",
"hostWebExID": "asdsad#abc.com",
"hostName": "asdasdasdasd",
"hostEmail": "asdsad#abc.com",
"totalCallInMinutes": "0",
"totalPeopleMinutes": "197",
"totalCallInTollfreeMinutes": "0",
"totalCallOutDomestic": "0",
"totalCallOutInternational": "0",
"totalCallOutInternal": "0",
"totalCallInInternational": "0",
"tollCallInInternational": "0",
"tollfreeCallInInternational": "0",
"totalVoipMinutes": "197",
"userID": "487886288",
"totalParticipants": "3",
"totalParticipantsVoip": "3",
"totalParticipantsCallIn": "0",
"totalParticipantsCallOut": "0",
"confID": "166305919935739955",
"peakAttendee": "2",
"assistService": null
},
"matchingRecords": {
"total": "1",
"returned": "1",
"startFrom": "1"
}
}
}
}
}
Thanks

If it is acceptable to print all "sessionKey" values, then the simplest would probably be:
.. | objects | select(has("sessionKey")) | .sessionKey
Otherwise you could use an if ... then ... else ... end approach.
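The same two shapes handled in Python, as an added example that is not part of the answer above: `as_list` normalises "one object, an array of objects, or nothing" to a list so the rest of the code never special-cases the single-record form, and `find_key` is the path-free walk that the `.. | objects | select(has("sessionKey"))` filter performs. The samples are trimmed from the question's two messages; the empty response (`EMPTY`) is a hypothetical third shape not shown on the page. The equivalent of `as_list` in jq is `.message.body.bodyContent.meetingUsageHistory | if type == "array" then .[] else . end | .sessionKey`.

```python
import json

# Constructed samples, trimmed from the question's two messages to the fields
# the extraction touches; the sessionKey values are the ones in the question.
MULTI = json.loads('''{"message": {"header": {"response": {"result": "SUCCESS"}},
  "body": {"bodyContent": {"type": "history:lstmeetingusageHistoryResponse",
    "meetingUsageHistory": [
      {"sessionKey": "1263859083", "confName": "sdfsdf setup for Dsdfdf alerts"},
      {"sessionKey": "623922696", "confName": "test Tech's Personal Room"}],
    "matchingRecords": {"total": "2", "returned": "2", "startFrom": "1"}}}}}''')

SINGLE = json.loads('''{"message": {"header": {"response": {"result": "SUCCESS"}},
  "body": {"bodyContent": {"type": "history:lstmeetingusageHistoryResponse",
    "meetingUsageHistory": {"sessionKey": "297115075", "confName": "abc's Personal Room"},
    "matchingRecords": {"total": "1", "returned": "1", "startFrom": "1"}}}}}''')

# Hypothetical third shape (not on the page): a response that carries no records.
EMPTY = json.loads('''{"message": {"header": {"response": {"result": "SUCCESS"}},
  "body": {"bodyContent": {"type": "history:lstmeetingusageHistoryResponse",
    "matchingRecords": {"total": "0", "returned": "0", "startFrom": "1"}}}}}''')


def as_list(value):
    """Normalise 'one object or an array of objects' to a list:
    absent -> [], single object -> [object], array -> the array unchanged."""
    if value is None:
        return []
    if isinstance(value, list):
        return value
    return [value]


def session_keys(message):
    """Extract sessionKey from the records at their known path, whatever the shape."""
    content = message["message"]["body"]["bodyContent"]
    keys = [rec["sessionKey"] for rec in as_list(content.get("meetingUsageHistory"))]
    # Cross-check against the count the server says it returned, so a shape
    # we did not anticipate fails loudly instead of silently dropping records.
    returned = int(content["matchingRecords"]["returned"])
    if len(keys) != returned:
        raise ValueError(f"expected {returned} records, found {len(keys)}")
    return keys


def find_key(node, wanted):
    """Path-free variant: the answer's `.. | objects | select(has(k)) | .[k]`
    expressed in Python, yielding every value of `wanted` anywhere in the tree.
    It cannot tell a record-level sessionKey from one that happens to appear
    elsewhere in the document, which is why session_keys() walks a fixed path."""
    if isinstance(node, dict):
        if wanted in node:
            yield node[wanted]
        for child in node.values():
            yield from find_key(child, wanted)
    elif isinstance(node, list):
        for child in node:
            yield from find_key(child, wanted)


if __name__ == "__main__":
    for sample in (MULTI, SINGLE, EMPTY):
        print(session_keys(sample), list(find_key(sample, "sessionKey")))
```

The path-based `session_keys` is the one to use in a script: it only reads the records it is meant to read, and the `returned` cross-check catches a response whose shape changed.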

Related

How can I convert a JSON traffic packet into JSON format for bulk import into Elasticsearch?

I am trying to convert some JSON files about TCP and DNP3 traffic into a bulk import for Elasticsearch. I already know that tshark has a command that can generate JSON for bulk import from a pcap:
tshark -T ek -r dnp3_trace.pcap > dnp3_trace.json
However, I haven't got the pcaps for some JSON files, and I don't know if there is something that could transform the JSON into a bulk index.
For example, here is the JSON that I would like to convert into a bulk index:
{
"_index": "packets-2020-10-17",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "ens224"
},
"frame.encap_type": "1",
"frame.time": "Oct 17, 2020 10:51:44.072688465 Central Daylight Time",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1602949904.072688465",
"frame.time_delta": "0.000000000",
"frame.time_delta_displayed": "0.000000000",
"frame.time_relative": "0.000000000",
"frame.number": "1",
"frame.len": "72",
"frame.cap_len": "72",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:dnp3",
"frame.coloring_rule.name": "TCP",
"frame.coloring_rule.string": "tcp"
},
"eth": {
"eth.dst": "00:00:00:aa:00:25",
"eth.dst_tree": {
"eth.dst_resolved": "00:00:00_aa:00:25",
"eth.dst.oui": "0",
"eth.dst.oui_resolved": "Officially Xerox, but 0:0:0:0:0:0 is more common",
"eth.addr": "00:00:00:aa:00:25",
"eth.addr_resolved": "00:00:00_aa:00:25",
"eth.addr.oui": "0",
"eth.addr.oui_resolved": "Officially Xerox, but 0:0:0:0:0:0 is more common",
"eth.dst.lg": "0",
"eth.lg": "0",
"eth.dst.ig": "0",
"eth.ig": "0"
},
"eth.src": "00:50:56:9c:5f:cc",
"eth.src_tree": {
"eth.src_resolved": "VMware_9c:5f:cc",
"eth.src.oui": "20566",
"eth.src.oui_resolved": "VMware, Inc.",
"eth.addr": "00:50:56:9c:5f:cc",
"eth.addr_resolved": "VMware_9c:5f:cc",
"eth.addr.oui": "20566",
"eth.addr.oui_resolved": "VMware, Inc.",
"eth.src.lg": "0",
"eth.lg": "0",
"eth.src.ig": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "58",
"ip.id": "0x000009f9",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000c405",
"ip.checksum.status": "2",
"ip.src": "172.16.0.2",
"ip.addr": "172.16.0.2",
"ip.src_host": "172.16.0.2",
"ip.host": "172.16.0.2",
"ip.dst": "192.168.0.5",
"ip.addr": "192.168.0.5",
"ip.dst_host": "192.168.0.5",
"ip.host": "192.168.0.5"
},
"tcp": {
"tcp.srcport": "41391",
"tcp.dstport": "20000",
"tcp.port": "41391",
"tcp.port": "20000",
"tcp.stream": "0",
"tcp.len": "18",
"tcp.seq": "1",
"tcp.seq_raw": "3359839259",
"tcp.nxtseq": "19",
"tcp.ack": "1",
"tcp.ack_raw": "1388983197",
"tcp.hdr_len": "20",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "501",
"tcp.window_size_scalefactor": "-1",
"tcp.checksum": "0x00006cec",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.analysis": {
"tcp.analysis.bytes_in_flight": "18",
"tcp.analysis.push_bytes_sent": "18"
},
"Timestamps": {
"tcp.time_relative": "0.000000000",
"tcp.time_delta": "0.000000000"
},
"tcp.payload": "05:64:0b:c4:59:02:01:00:d4:49:ca:ca:01:3c:01:06:d1:ff",
"tcp.pdu.size": "18"
},
"dnp3": {
"Data Link Layer, Len: 11, From: 1, To: 601, DIR, PRM, Unconfirmed User Data": {
"dnp3.start": "0x00000564",
"dnp3.len": "11",
"dnp3.ctl": "0x000000c4",
"dnp3.ctl_tree": {
"dnp3.ctl.dir": "1",
"dnp3.ctl.prm": "1",
"dnp3.ctl.fcb": "0",
"dnp3.ctl.fcv": "0",
"dnp3.ctl.prifunc": "4"
},
"dnp3.dst": "601",
"dnp3.addr": "601",
"dnp3.src": "1",
"dnp3.addr": "1",
"dnp3.hdr.CRC": "0x000049d4",
"dnp.hdr.CRC.status": "1"
},
"dnp3.tr.ctl": "0x000000ca",
"dnp3.tr.ctl_tree": {
"dnp3.tr.fin": "1",
"dnp3.tr.fir": "1",
"dnp3.tr.seq": "10"
},
"Data Chunks": {
"Data Chunk: 0": {
"dnp.data_chunk": "ca:ca:01:3c:01:06",
"dnp.data_chunk_len": "6",
"dnp.data_chunk.CRC": "0x0000ffd1",
"dnp.data_chunk.CRC.status": "1"
}
},
"dnp3.al.fragments": {
"dnp3.al.fragment": "1",
"dnp3.al.fragment.count": "1",
"dnp3.al.fragment.reassembled.length": "5"
},
"Application Layer: (FIR, FIN, Sequence 10, Read)": {
"dnp3.al.ctl": "0x000000ca",
"dnp3.al.ctl_tree": {
"dnp3.al.fir": "1",
"dnp3.al.fin": "1",
"dnp3.al.con": "0",
"dnp3.al.uns": "0",
"dnp3.al.seq": "10"
},
"dnp3.al.func": "1",
"READ Request Data Objects": {
"dnp3.al.obj": "15361",
"dnp3.al.obj_tree": {
"Qualifier Field, Prefix: None, Range: No Range Field": {
"dnp3.al.objq.prefix": "0",
"dnp3.al.objq.range": "6"
},
"Number of Items: 0": ""
}
}
}
}
}
}
}
My goal would be to convert this JSON into this format:
{"index":{"_index":"packets-2019-10-25","_type":"doc"}}
{"timestamp":"1571994793106","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"2019-10-25T09:13:13.106208000Z","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1571994793.106208000","frame_frame_time_delta":"0.000000000","frame_frame_time_delta_displayed":"0.000000000","frame_frame_time_relative":"0.000000000","frame_frame_number":"1","frame_frame_len":"78","frame_frame_cap_len":"78","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:tcp:dnp3"},"eth":{"eth_eth_dst":"50:7b:9d:76:77:d5","eth_eth_dst_resolved":"LCFCHeFe_76:77:d5","eth_eth_dst_oui":"5274525","eth_eth_dst_oui_resolved":"LCFC(HeFei) Electronics Technology co., ltd","eth_eth_addr":"50:7b:9d:76:77:d5","eth_eth_addr_resolved":"LCFCHeFe_76:77:d5","eth_eth_addr_oui":"5274525","eth_eth_addr_oui_resolved":"LCFC(HeFei) Electronics Technology co., ltd","eth_eth_dst_lg":false,"eth_eth_lg":false,"eth_eth_dst_ig":false,"eth_eth_ig":false,"eth_eth_src":"d8:50:e6:05:a3:1e","eth_eth_src_resolved":"ASUSTekC_05:a3:1e","eth_eth_src_oui":"14176486","eth_eth_src_oui_resolved":"ASUSTek COMPUTER INC.","eth_eth_addr":"d8:50:e6:05:a3:1e","eth_eth_addr_resolved":"ASUSTekC_05:a3:1e","eth_eth_addr_oui":"14176486","eth_eth_addr_oui_resolved":"ASUSTek COMPUTER INC.","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"64","ip_ip_id":"0x0000259f","ip_ip_flags":"0x00004000","ip_ip_flags_rb":false,"ip_ip_flags_df":true,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"128","ip_ip_proto":"6","ip_ip_checksum":"0x00000000","ip_ip_checksum_status":"2","ip_ip_src":"192.168.1.150","ip_ip_addr":["192.168.1.150","192.168.1.200"],"ip_ip_src_host":"192.168.1.150","ip_ip_host":["192.168.1.150","192.168.1.200"],"ip_ip_dst":"192.168.1.200","ip_ip_dst_host":"192.168.1.200"},"tcp":{"tcp_tcp_srcport":"53543","tcp_tcp_dstport":"20000","tcp_tcp_port":["53543","20000"],"tcp_tcp_stream":"0","tcp_tcp_len":"24","tcp_tcp_seq":"1","tcp_tcp_seq_raw":"3354368014","tcp_tcp_nxtseq":"25","tcp_tcp_ack":"1","tcp_tcp_ack_raw":"3256068755","tcp_tcp_hdr_len":"20","tcp_tcp_flags":"0x00000018","tcp_tcp_flags_res":false,"tcp_tcp_flags_ns":false,"tcp_tcp_flags_cwr":false,"tcp_tcp_flags_ecn":false,"tcp_tcp_flags_urg":false,"tcp_tcp_flags_ack":true,"tcp_tcp_flags_push":true,"tcp_tcp_flags_reset":false,"tcp_tcp_flags_syn":false,"tcp_tcp_flags_fin":false,"tcp_tcp_flags_str":"·······AP···","tcp_tcp_window_size_value":"2052","tcp_tcp_window_size":"2052","tcp_tcp_window_size_scalefactor":"-1","tcp_tcp_checksum":"0x000084e1","tcp_tcp_checksum_status":"2","tcp_tcp_urgent_pointer":"0","tcp_tcp_analysis":null,"tcp_tcp_analysis_bytes_in_flight":"24","tcp_tcp_analysis_push_bytes_sent":"24","text":"Timestamps","tcp_tcp_time_relative":"0.000000000","tcp_tcp_time_delta":"0.000000000","tcp_tcp_payload":"05:64:11:c4:01:00:02:00:c3:5a:c8:c8:01:3c:02:06:3c:03:06:3c:04:06:c0:4c","tcp_tcp_pdu_size":"24"},"dnp3":{"text":["Data Link Layer, Len: 17, From: 2, To: 1, DIR, PRM, Unconfirmed User Data","Data Chunks","Application Layer: (FIR, FIN, Sequence 8, Read)"],"dnp3_dnp3_start":"0x00000564","dnp3_dnp3_len":"17","dnp3_dnp3_ctl":"0x000000c4","dnp3_dnp3_ctl_dir":true,"dnp3_dnp3_ctl_prm":true,"dnp3_dnp3_ctl_fcb":false,"dnp3_dnp3_ctl_fcv":false,"dnp3_dnp3_ctl_prifunc":"4","dnp3_dnp3_dst":"1","dnp3_dnp3_addr":["1","2"],"dnp3_dnp3_src":"2","dnp3_dnp3_hdr_CRC":"0x00005ac3","dnp3_dnp_hdr_CRC_status":"1","dnp3_dnp3_tr_ctl":"0x000000c8","dnp3_dnp3_tr_fin":true,"dnp3_dnp3_tr_fir":true,"dnp3_dnp3_tr_seq":"8","text":["Data Chunk: 0","READ Request Data Objects"],"dnp3_dnp_data_chunk":"c8:c8:01:3c:02:06:3c:03:06:3c:04:06","dnp3_dnp_data_chunk_len":"12","dnp3_dnp_data_chunk_CRC":"0x00004cc0","dnp3_dnp_data_chunk_CRC_status":"1","dnp3_dnp3_al_fragments":null,"dnp3_dnp3_al_fragment":"1","dnp3_dnp3_al_fragment_count":"1","dnp3_dnp3_al_fragment_reassembled_length":"11","dnp3_dnp3_al_ctl":"0x000000c8","dnp3_dnp3_al_fir":true,"dnp3_dnp3_al_fin":true,"dnp3_dnp3_al_con":false,"dnp3_dnp3_al_uns":false,"dnp3_dnp3_al_seq":"8","dnp3_dnp3_al_func":"1","dnp3_dnp3_al_obj":["15362","15363","15364"],"text":["Qualifier Field, Prefix: None, Range: No Range Field","Number of Items: 0","Qualifier Field, Prefix: None, Range: No Range Field","Number of Items: 0","Qualifier Field, Prefix: None, Range: No Range Field","Number of Items: 0"],"dnp3_dnp3_al_objq_prefix":["0","0","0"],"dnp3_dnp3_al_objq_range":["6","6","6"]}}}
If anyone has any solution or suggestion, I would appreciate it :)
Thanks in advance.
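The question has no answer on the page. As an added example (not the asker's code and not part of tshark or Elasticsearch), here is a Python converter for the shape the question shows: it flattens each layer's `proto.field` keys to the `proto_proto_field` form of the target, drops `*_tree` wrappers, keeps container fields such as `tcp.analysis` as null beside their flattened children, stores display labels such as `Timestamps` under `text`, merges repeated keys such as the two `ip.addr` entries into arrays, and writes the action line plus document line per packet. It parses with `object_pairs_hook` because a plain `json.loads` keeps only the last of two identical keys, which is exactly the information the array form needs. The sample is trimmed from the question's packet. Two simplifications are assumptions of this example: tshark's ek writer knows from its field registry which fields are booleans and emits true/false for them, and it writes a separate `text` key per nesting level; this converter leaves those values as strings and merges all labels of a layer into one `text` array.

```python
import json
import re
from decimal import Decimal

# A tshark field key looks like "proto.field" or "proto.field.sub"; any other key
# ("Timestamps", "Data Chunk: 0") is a display label that ek output stores under "text".
FIELD_RE = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$")

# Constructed sample, trimmed from the question's packet to the cases that matter
# for the conversion: a *_tree sub-object, a duplicated "ip.addr" key, a container
# field "tcp.analysis" and a "Timestamps" label.
SAMPLE = r'''{
  "_index": "packets-2020-10-17",
  "_type": "doc",
  "_score": null,
  "_source": {
    "layers": {
      "frame": {
        "frame.interface_id": "0",
        "frame.interface_id_tree": {"frame.interface_name": "ens224"},
        "frame.time_epoch": "1602949904.072688465",
        "frame.protocols": "eth:ethertype:ip:tcp:dnp3"
      },
      "ip": {
        "ip.src": "172.16.0.2",
        "ip.addr": "172.16.0.2",
        "ip.dst": "192.168.0.5",
        "ip.addr": "192.168.0.5"
      },
      "tcp": {
        "tcp.dstport": "20000",
        "tcp.analysis": {"tcp.analysis.bytes_in_flight": "18"},
        "Timestamps": {"tcp.time_relative": "0.000000000"}
      }
    }
  }
}'''


def loads_keep_duplicates(text):
    """Parse JSON into nested lists of (key, value) tuples instead of dicts, so a
    repeated key such as the two "ip.addr" entries survives parsing."""
    return json.loads(text, object_pairs_hook=lambda pairs: pairs)


def _is_object(value):
    return isinstance(value, list) and all(
        isinstance(p, tuple) and len(p) == 2 for p in value)


def flatten_layer(layer, pairs, acc):
    """Flatten one protocol layer into ek-style keys "<layer>_<field with dots
    replaced by underscores>". Every value is appended to a list so repeated
    keys can be merged into a JSON array afterwards."""
    for key, value in pairs:
        if FIELD_RE.match(key):
            flat = layer + "_" + key.replace(".", "_")
            if _is_object(value):
                # "*_tree" wrappers disappear; other containers (tcp.analysis)
                # stay as null next to their flattened children, as in the target
                if not key.endswith("_tree"):
                    acc.setdefault(flat, []).append(None)
                flatten_layer(layer, value, acc)
            else:
                acc.setdefault(flat, []).append(value)
        else:
            acc.setdefault("text", []).append(key)
            if _is_object(value):
                flatten_layer(layer, value, acc)


def _unwrap(acc):
    """Single values stay scalars; repeated keys become arrays."""
    return {k: (v[0] if len(v) == 1 else v) for k, v in acc.items()}


def packet_to_bulk(packet_pairs):
    """Return the (action, document) pair for one packet from tshark -T json."""
    packet = dict(packet_pairs)
    source = dict(packet["_source"])
    layers = {}
    for layer_name, layer_pairs in source["layers"]:
        acc = {}
        flatten_layer(layer_name, layer_pairs, acc)
        layers[layer_name] = _unwrap(acc)
    action = {"index": {"_index": packet["_index"], "_type": packet.get("_type", "doc")}}
    doc = {"layers": layers}
    epoch = layers.get("frame", {}).get("frame_frame_time_epoch")
    if isinstance(epoch, str):
        # the target's "timestamp" is frame.time_epoch in milliseconds
        doc = {"timestamp": str(int(Decimal(epoch) * 1000)), "layers": layers}
    return action, doc


def convert(text):
    """Convert one packet object, or the array that tshark -T json writes, to NDJSON
    bulk lines: one action line followed by one document line per packet."""
    top = loads_keep_duplicates(text)
    packets = [top] if _is_object(top) else top
    lines = []
    for pkt in packets:
        action, doc = packet_to_bulk(pkt)
        lines.append(json.dumps(action, separators=(",", ":")))
        lines.append(json.dumps(doc, separators=(",", ":")))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(convert(SAMPLE), end="")
```

Run it on the whole `-T json` file (`convert(open("dnp3_trace.json").read())`) and post the result to the `_bulk` endpoint; the trailing newline after the last document line is required by the Bulk API.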

How to extract a specific value from JSON file?

I'm trying to extract a specific value from a JSON file.
The key/value pair is: "info": "this is an example" (the key is unique).
I want to extract only the value: "this is an example"
My code:
cat 9.json | jq '.info'
result:
null
JSON file example:
{
"Event": {
"id": "13",
"orgc_id": "1",
"org_id": "1",
"date": "2019-01-09",
"threat_level_id": "3",
"info": "test9",
"published": false,
"uuid": "5c35d180",
"attribute_count": "2",
"analysis": "0",
"timestamp": "1547044733",
"distribution": "1",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "1547034089",
"sharing_group_id": "0",
"disable_correlation": false,
"extends_uuid": "",
"event_creator_email": "o#cyhgfnt.com",
"Org": {
"id": "1",
"name": "Cygfdgfdnt",
"uuid": "5b9f938d-e3a0-4ecb-83b3-0bdeac1b41bc"
},
"Orgc": {
"id": "1",
"name": "Cyhgfgft",
"uuid": "5b9f938d-e3a0-4ecb-83b3-0bdeac1b41bc"
},
"Attribute": [{
"id": "292630",
"type": "domain",
"category": "Network activity",
"to_ids": true,
"uuid": "5c35dd94-cccc-4086-b386-682823717aa5",
"event_id": "1357",
"distribution": "5",
"timestamp": "1547034584",
"comment": "This is a comment",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "dodskj.com",
"Galaxy": [],
"ShadowAttribute": [],
"Tag": [{
"id": "223",
"name": "kill-chain:Exploitation",
"colour": "#a80079",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
}]
}, {
"id": "292631",
"type": "ip-dst",
"category": "Network activity",
"to_ids": true,
"uuid": "5c35dd94-fe90-4ef6-b3a9-682823717aa5",
"event_id": "1357",
"distribution": "5",
"timestamp": "1547044733",
"comment": "comment example",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "8.8.6.6",
"Galaxy": [],
"ShadowAttribute": [],
"Tag": [{
"id": "247",
"name": "maec-malware-capabilities:maec-malware-capability=\"anti-removal\"",
"colour": "#3f0004",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
}, {
"id": "465",
"name": "osint:lifetime=\"perpetual\"",
"colour": "#006ebe",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
}]
}],
"ShadowAttribute": [],
"RelatedEvent": [],
"Galaxy": [{
"id": "3",
"uuid": "698774c7-8022-42c4-917f-8d6e4f06ada3",
"name": "Threat Actor",
"type": "threat-actor",
"description": "Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.",
"version": "3",
"icon": "user-secret",
"namespace": "misp",
"GalaxyCluster": [{
"id": "6397",
"collection_uuid": "7cdff317-a673-4474-84ec-4f1754947823",
"type": "threat-actor",
"value": "Sofacy",
"tag_name": "misp-galaxy:threat-actor=\"Sofacy\"",
"description": "The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.",
"galaxy_id": "3",
"source": "MISP Project",
"authors": ["Alexandre Dulaunoy", "Florian Roth", "Thomas Schreck", "Timo Steffens", "Various"],
"version": "82",
"uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754",
"tag_id": "608",
"meta": {
"cfr-suspected-state-sponsor": ["Russian Federation"],
"cfr-suspected-victims": ["Georgia", "France", "Jordan", "United States", "Hungary", "World Anti-Doping Agency", "Armenia", "Tajikistan", "Japan", "NATO", "Ukraine", "Belgium", "Pakistan", "Asia Pacific Economic Cooperation", "International Association of Athletics Federations", "Turkey", "Mongolia", "OSCE", "United Kingdom", "Germany", "Poland", "European Commission", "Afghanistan", "Kazakhstan", "China"],
"cfr-target-category": ["Government", "Military"],
"cfr-type-of-incident": ["Espionage"],
"country": ["RU"],
"refs": ["https:\/\/en.wikipedia.org\/wiki\/Sofacy_Group", "https:\/\/aptnotes.malwareconfig.com\/web\/viewer.html?file=..\/APTnotes\/2014\/apt28.pdf", "http:\/\/www.trendmicro.com\/cloud-content\/us\/pdfs\/security-intelligence\/white-papers\/wp-operation-pawn-storm.pdf", "https:\/\/www2.fireeye.com\/rs\/848-DID-242\/images\/wp-mandiant-matryoshka-mining.pdf", "https:\/\/www.crowdstrike.com\/blog\/bears-midst-intrusion-democratic-national-committee\/", "http:\/\/researchcenter.paloaltonetworks.com\/2016\/06\/unit42-new-sofacy-attacks-against-us-government-agency\/", "https:\/\/www.cfr.org\/interactive\/cyber-operations\/apt-28", "https:\/\/blogs.microsoft.com\/on-the-issues\/2018\/08\/20\/we-are-taking-new-steps-against-broadening-threats-to-democracy\/", "https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-disrupts-apt28-hacking-campaign-aimed-at-us-midterm-elections\/", "https:\/\/www.bleepingcomputer.com\/news\/security\/apt28-uses-lojax-first-uefi-rootkit-seen-in-the-wild\/"],
"synonyms": ["APT 28", "APT28", "Pawn Storm", "PawnStorm", "Fancy Bear", "Sednit", "TsarTeam", "Tsar Team", "TG-4127", "Group-4127", "STRONTIUM", "TAG_0700", "Swallowtail", "IRON TWILIGHT", "Group 74"]
}
}]
}],
"Object": [],
"Tag": [{
"id": "608",
"name": "misp-galaxy:threat-actor=\"Sofacy\"",
"colour": "#12e000",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
}, {
"id": "118",
"name": "gdpr:special-categories=\"health\"",
"colour": "#3ce600",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
}]
}
}
I suppose you are trying to get the .info field inside .Event, which should be written as below. Use -r to print it without quotes.
jq '.Event.info'

how to access json array in Jobject in couchbase? (SELECT query)

This is my JSON. I have props.bom_concrete_type.id and I need to get "desc". What kind of query do I need? Help me.
[
{
"create_date": "2017-06-07T09:35:12.2391092+08:00",
"id": "optional_dictionary",
"model": "optional_dictionary",
"props": {
"bom_concrete_type": [
{
"desc": "Shotcrete",
"id": "1",
"shortname": null
},
{
"desc": "Concrete",
"id": "2",
"shortname": null
}
],
"bom_production_type": [
{
"desc": "Underground",
"id": "1",
"shortname": null
},
{
"desc": "Surface",
"id": "2",
"shortname": null
},
{
"desc": "TKAJV",
"id": "3",
"shortname": null
}
],
"mixorder_comment": [
{
"desc": "No order",
"id": "1",
"shortname": null
},
{
"desc": "Client canceled",
"id": "2",
"shortname": null
},
{
"desc": "Batch plant canceled",
"id": "3",
"shortname": null
},
{
"desc": "Re-schedule/Requester cancelled",
"id": "4",
"shortname": null
},
{
"desc": "Batch plant shutdown",
"id": "5",
"shortname": null
},
{
"desc": "Client shutdown",
"id": "6",
"shortname": null
},
{
"desc": "Weather Condition",
"id": "7",
"shortname": null
},
{
"desc": "Client equipment",
"id": "8",
"shortname": null
},
{
"desc": "Batch plant equipment",
"id": "9",
"shortname": null
},
{
"desc": "Incident/Accident",
"id": "10",
"shortname": null
},
{
"desc": "HSE Issue",
"id": "11",
"shortname": null
},
{
"desc": "Client slow production",
"id": "12",
"shortname": null
},
{
"desc": "Time conflict between requests",
"id": "13",
"shortname": null
},
{
"desc": "Normal operation",
"id": "14",
"shortname": null
},
{
"desc": "Slickline or underground maintenance by Client(Mining)",
"id": "15",
"shortname": null
}
]
},
"version": null
}
]
For this sort of query you need to use one of the array operators (https://developer.couchbase.com/documentation/server/4.6/n1ql/n1ql-language-reference/collectionops.html).
I entered your document above into a bucket I called "default". This query will give you the 'desc' field (which needs to be quoted in backticks since it is a reserved word, as in "order by ... desc"):
select first e.`desc`
for e in props.bom_concrete_type when e.id = "1" end as `desc`
from default;
The query result is:
[
{
"desc": "Shotcrete"
}
]
If you just want the bare value, you can use this query:
select raw first e.`desc`
for e in props.bom_concrete_type when e.id = "1" end
from default;
and the results are:
[
"Shotcrete"
]

how to sort a json file in shell script based on a given key?

I wanted to sort a file which has JSON data on the basis of a key (fare) in a shell script (.sh) file. Is there a way to achieve this?
{ "route":[
{"match":"true","column":"10","fare":"120.0","source":"false","length":"1","name":"41","row":"4","width":"1","zIndex":"0"},
{"match":"true","column":"9","fare":"110.0","source":"false","length":"1","name":"37","row":"3","width":"1","zIndex":"0"},
{"match":"true","column":"8","fare":"500.0","source":"false","length":"1","name":"33","row":"2","width":"1","zIndex":"0"},
{"match":"true","column":"7","fare":"510.0","source":"false","length":"1","name":"29","row":"1","width":"1","zIndex":"0"},
{"match":"true","column":"6","fare":"50.0","source":"false","length":"1","name":"29","row":"0","width":"1","zIndex":"0"}
]
}
jq '.route = (.route | sort_by(.fare))' file.json
{
"route": [
{
"zIndex": "0",
"match": "true",
"column": "9",
"fare": "110.0",
"source": "false",
"length": "1",
"name": "37",
"row": "3",
"width": "1"
},
{
"zIndex": "0",
"match": "true",
"column": "10",
"fare": "120.0",
"source": "false",
"length": "1",
"name": "41",
"row": "4",
"width": "1"
},
{
"zIndex": "0",
"match": "true",
"column": "6",
"fare": "50.0",
"source": "false",
"length": "1",
"name": "29",
"row": "0",
"width": "1"
},
{
"zIndex": "0",
"match": "true",
"column": "8",
"fare": "500.0",
"source": "false",
"length": "1",
"name": "33",
"row": "2",
"width": "1"
},
{
"zIndex": "0",
"match": "true",
"column": "7",
"fare": "510.0",
"source": "false",
"length": "1",
"name": "29",
"row": "1",
"width": "1"
}
]
}
Note that the sorting is lexical ("50.0" ends up in the middle). This is because the values are strings, not numbers. To get numeric sorting, we need to cast to a number:
jq '.route = (.route | sort_by(.fare | tonumber))' file.json
{
"route": [
{
"zIndex": "0",
"match": "true",
"column": "6",
"fare": "50.0",
"source": "false",
"length": "1",
"name": "29",
"row": "0",
"width": "1"
},
{
"zIndex": "0",
"match": "true",
"column": "9",
"fare": "110.0",
"source": "false",
"length": "1",
"name": "37",
"row": "3",
"width": "1"
},
{
"zIndex": "0",
"match": "true",
"column": "10",
"fare": "120.0",
"source": "false",
"length": "1",
"name": "41",
"row": "4",
"width": "1"
},
{
"zIndex": "0",
"match": "true",
"column": "8",
"fare": "500.0",
"source": "false",
"length": "1",
"name": "33",
"row": "2",
"width": "1"
},
{
"zIndex": "0",
"match": "true",
"column": "7",
"fare": "510.0",
"source": "false",
"length": "1",
"name": "29",
"row": "1",
"width": "1"
}
]
}

Parse Json output from Nagios plugin

I've searched this site and googled as much as I can but cannot seem to find a solution that works.
I have Nagios Core running at home for a monitoring project. The status.dat is converted to a JSON file on the web server using a plugin I installed.
The output from this plugin looks like this:
{
"programStatus": {
"modified_host_attributes": "0",
"modified_service_attributes": "0",
"nagios_pid": "983",
"daemon_mode": "1",
"program_start": "1414556165",
"last_log_rotation": "0",
"enable_notifications": "1",
"active_service_checks_enabled": "1",
"passive_service_checks_enabled": "1",
"active_host_checks_enabled": "1",
"passive_host_checks_enabled": "1",
"enable_event_handlers": "1",
"obsess_over_services": "0",
"obsess_over_hosts": "0",
"check_service_freshness": "1",
"check_host_freshness": "0",
"enable_flap_detection": "1",
"process_performance_data": "0",
"global_host_event_handler": "",
"global_service_event_handler": "",
"next_comment_id": "1",
"next_downtime_id": "1",
"next_event_id": "77",
"next_problem_id": "23",
"next_notification_id": "304",
"active_scheduled_host_check_stats": "1,5,5",
"active_ondemand_host_check_stats": "0,0,0",
"passive_host_check_stats": "0,0,0",
"active_scheduled_service_check_stats": "3,11,11",
"active_ondemand_service_check_stats": "0,0,0",
"passive_service_check_stats": "0,0,0",
"cached_host_check_stats": "0,0,0",
"cached_service_check_stats": "0,0,0",
"external_command_stats": "0,0,0",
"parallel_host_check_stats": "1,5,5",
"serial_host_check_stats": "0,0,0"
},
"hosts": {
"localhost": {
"host_name": "localhost",
"modified_attributes": "0",
"check_command": "check-host-alive",
"check_period": "24x7",
"notification_period": "workhours",
"check_interval": "5.000000",
"retry_interval": "1.000000",
"event_handler": "",
"has_been_checked": "1",
"should_be_scheduled": "1",
"check_execution_time": "4.007",
"check_latency": "1.279",
"check_type": "0",
"current_state": "0",
"last_hard_state": "0",
"last_event_id": "0",
"current_event_id": "0",
"current_problem_id": "0",
"last_problem_id": "0",
"plugin_output": "PING OK - Packet loss = 0%, RTA = 0.08 ms",
"long_plugin_output": "",
"performance_data": "rta=0.076000ms;3000.000000;5000.000000;0.000000 pl=0%;80;100;0",
"last_check": "1414556166",
"next_check": "1414556470",
"check_options": "0",
"current_attempt": "1",
"max_attempts": "10",
"state_type": "1",
"last_state_change": "1411951605",
"last_hard_state_change": "1411951605",
"last_time_up": "1414556170",
"last_time_down": "0",
"last_time_unreachable": "0",
"last_notification": "0",
"next_notification": "0",
"no_more_notifications": "0",
"current_notification_number": "0",
"current_notification_id": "0",
"notifications_enabled": "1",
"problem_has_been_acknowledged": "0",
"acknowledgement_type": "0",
"active_checks_enabled": "1",
"passive_checks_enabled": "1",
"event_handler_enabled": "1",
"flap_detection_enabled": "1",
"process_performance_data": "1",
"obsess": "1",
"last_update": "1414556456",
"is_flapping": "0",
"percent_state_change": "0.00",
"scheduled_downtime_depth": "0"
},
"test-vm": {
"host_name": "test-vm",
"modified_attributes": "0",
"check_command": "check-host-alive",
"check_period": "24x7",
"notification_period": "workhours",
"check_interval": "5.000000",
"retry_interval": "1.000000",
"event_handler": "",
"has_been_checked": "1",
"should_be_scheduled": "1",
"check_execution_time": "3.001",
"check_latency": "0.000",
"check_type": "0",
"current_state": "1",
"last_hard_state": "1",
"last_event_id": "70",
"current_event_id": "72",
"current_problem_id": "19",
"last_problem_id": "10",
"plugin_output": "CRITICAL - Host Unreachable (192.168.56.4)",
"long_plugin_output": "",
"performance_data": "",
"last_check": "1414556437",
"next_check": "1414556740",
"check_options": "0",
"current_attempt": "1",
"max_attempts": "10",
"state_type": "1",
"last_state_change": "1413873683",
"last_hard_state_change": "1413873683",
"last_time_up": "1413873142",
"last_time_down": "1414556440",
"last_time_unreachable": "0",
"last_notification": "1414556268",
"next_notification": "1414563468",
"no_more_notifications": "0",
"current_notification_number": "2",
"current_notification_id": "301",
"notifications_enabled": "1",
"problem_has_been_acknowledged": "0",
"acknowledgement_type": "0",
"active_checks_enabled": "1",
"passive_checks_enabled": "1",
"event_handler_enabled": "1",
"flap_detection_enabled": "1",
"process_performance_data": "1",
"obsess": "1",
"last_update": "1414556456",
"is_flapping": "0",
"percent_state_change": "0.00",
"scheduled_downtime_depth": "0"
},
"winserver": {
"host_name": "winserver",
"modified_attributes": "0",
"check_command": "check-host-alive",
"check_period": "24x7",
"notification_period": "24x7",
"check_interval": "5.000000",
"retry_interval": "1.000000",
"event_handler": "",
"has_been_checked": "1",
"should_be_scheduled": "1",
"check_execution_time": "4.004",
"check_latency": "0.000",
"check_type": "0",
"current_state": "0",
"last_hard_state": "0",
"last_event_id": "75",
"current_event_id": "76",
"current_problem_id": "0",
"last_problem_id": "20",
"plugin_output": "PING OK - Packet loss = 0%, RTA = 0.44 ms",
"long_plugin_output": "",
"performance_data": "rta=0.438000ms;3000.000000;5000.000000;0.000000 pl=0%;80;100;0",
"last_check": "1414556380",
"next_check": "1414556684",
"check_options": "0",
"current_attempt": "1",
"max_attempts": "10",
"state_type": "1",
"last_state_change": "1414556303",
"last_hard_state_change": "1414556303",
"last_time_up": "1414556384",
"last_time_down": "1414556303",
"last_time_unreachable": "0",
"last_notification": "1414556303",
"next_notification": "1414558103",
"no_more_notifications": "0",
"current_notification_number": "0",
"current_notification_id": "302",
"notifications_enabled": "1",
"problem_has_been_acknowledged": "0",
"acknowledgement_type": "0",
"active_checks_enabled": "1",
"passive_checks_enabled": "1",
"event_handler_enabled": "1",
"flap_detection_enabled": "1",
"process_performance_data": "1",
"obsess": "1",
"last_update": "1414556456",
"is_flapping": "0",
"percent_state_change": "5.99",
"scheduled_downtime_depth": "0"
}
},
and goes on forever with host information.
Now I've managed to parse this using the Rainmeter web parser and a regex helper called rainregex quite easily.
What I would like to do is use this information on a web page.
I've tried doing jQuery:
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
<script>
$.getJSON("http://<serverIP>/nagios/statusJson.php", function( data ) {
  var items = [];
  $.each( data, function( key, val ) {
    items.push( "<li id='" + key + "'>" + val + "</li>" );
  });
  $( "<ul/>", {
    "class": "my-new-list",
    html: items.join( "" )
  }).appendTo( "body" );
});
</script>
but I couldn't get it to pull the information from the PHP file.
I'm not sure what I'm doing wrong here.
In case you were still curious about a solution, this might help you:
If you are pulling from the PHP file, you have to make sure that you echo the JSON-encoded array you created:
echo json_encode($postData);
You can also skip parsing with PHP and get the info straight from the Nagios RESTful API (I assume you have the API plugin installed as well). From there you can parse and output the JSON using your jQuery script.
Hi, I managed to resolve this issue myself.
I'm not fluent enough in jQuery, so I decided to use a Python script to parse the JSON data and update it into a SQL table; from there I was able to easily use PHP to query the SQL DB for the data.
Thank you all anyway. I'll edit this comment soon when I'm finished polishing the script.
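The route the asker settled on, parse the status JSON in Python and load it into a SQL table, as an added example that is not the asker's script: it types the string-only values from the plugin, upserts one row per host with parameterised statements, and answers the question a status page usually asks (which hosts are not UP and nobody has acknowledged). The sample is trimmed from the question's output to two hosts and the fields the loader uses; the table layout and the `:memory:` SQLite database are this example's assumptions, a file path or another DB-API driver works the same way.

```python
import json
import sqlite3

# Constructed sample: the question's status JSON trimmed to two hosts and the
# fields the loader uses; the values are the ones shown in the question.
STATUS_JSON = '''{
  "programStatus": {"nagios_pid": "983", "program_start": "1414556165"},
  "hosts": {
    "localhost": {
      "host_name": "localhost", "current_state": "0",
      "plugin_output": "PING OK - Packet loss = 0%, RTA = 0.08 ms",
      "last_check": "1414556166", "problem_has_been_acknowledged": "0"
    },
    "test-vm": {
      "host_name": "test-vm", "current_state": "1",
      "plugin_output": "CRITICAL - Host Unreachable (192.168.56.4)",
      "last_check": "1414556437", "problem_has_been_acknowledged": "0"
    }
  }
}'''

# Nagios host state codes
HOST_STATES = {0: "UP", 1: "DOWN", 2: "UNREACHABLE"}

SCHEMA = """
CREATE TABLE IF NOT EXISTS host_status (
    host_name      TEXT PRIMARY KEY,
    current_state  INTEGER NOT NULL,
    state_name     TEXT NOT NULL,
    plugin_output  TEXT,
    last_check     INTEGER,
    acknowledged   INTEGER NOT NULL
)"""


def host_rows(status):
    """Turn the "hosts" object into typed rows; the plugin stores every value as
    a string, so the numeric fields are converted here rather than in SQL."""
    rows = []
    for name, host in status["hosts"].items():
        state = int(host["current_state"])
        rows.append((
            name,
            state,
            HOST_STATES.get(state, "UNKNOWN"),
            host.get("plugin_output", ""),
            int(host["last_check"]),
            1 if host.get("problem_has_been_acknowledged") == "1" else 0,
        ))
    return rows


def load_status(conn, status_text):
    """Upsert the current snapshot with parameterised statements: plugin_output
    is free text produced by check commands and must never be interpolated
    into SQL (or into HTML on the PHP side without escaping)."""
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT OR REPLACE INTO host_status VALUES (?, ?, ?, ?, ?, ?)",
        host_rows(json.loads(status_text)),
    )
    conn.commit()


def unacknowledged_problems(conn):
    """Hosts that are not UP and that nobody has acknowledged, oldest check first."""
    cur = conn.execute(
        "SELECT host_name, state_name, plugin_output FROM host_status "
        "WHERE current_state <> 0 AND acknowledged = 0 ORDER BY last_check, host_name"
    )
    return cur.fetchall()


def sync_and_report(status_text, db_path=":memory:"):
    """Load one status snapshot and return what a web page would render."""
    conn = sqlite3.connect(db_path)
    try:
        load_status(conn, status_text)
        total = conn.execute("SELECT COUNT(*) FROM host_status").fetchone()[0]
        return {"hosts": total, "problems": unacknowledged_problems(conn)}
    finally:
        conn.close()


if __name__ == "__main__":
    print(sync_and_report(STATUS_JSON))
```

Run `sync_and_report` from cron with the text fetched from statusJson.php and a real database path; because the insert is an upsert keyed on host_name, each run replaces the previous snapshot instead of accumulating duplicates.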