My json response is like this.
{
"level": "info",
"timestamp": "2022-03-21T16:10:27.060Z",
"msg": "starting test",
}
{
"level": "warn",
"timestamp": "2022-03-21T16:10:27.060Z",
"msg": "message 2"
}
{
"level": "error",
"timestamp": "2022-03-21T16:10:27.060Z",
"msg": "message 3"
}
I want to extract.
Either 3rd message (or nth message) or the message associated with error
How can I do this with jq?
Use select to filter by condition
jq 'select(.level == "error")'
{
"level": "error",
"timestamp": "2022-03-21T16:10:27.060Z",
"msg": "message 3"
}
Demo
To extract the message, use the -r option
jq -r 'select(.level == "error").msg'
message 3
Demo
If you want to access the nth object, you may want to use a structure whose items you can count. Using the -s option would turn the input stream into an array. Using the --argjson option enables you using an external (JSON) value for reference:
jq -sr --argjson n 2 '.[$n].msg'
message 3
Demo
To directly address the nth element of a stream, use the nth function, in combination with inputs and the -n option to address the entire stream at once:
jq -nr --argjson n 2 'nth($n;inputs).msg'
message 3
Demo
I'm trying to get this output the device name "test"
My filter is .[] | [.deviceName] and it's returning error: (at :7): Cannot index array with string "deviceName"
{
"test": [
{
"deviceName": "test",
"monitoringServer": "server1"
}
]
}
Presumably you meant:
jq '.test[] | [.deviceName]'
or perhaps:
jq '.[][] | [.deviceName]'
but without knowing your requirements, it's hard to say. That's one of the reasons why the http://stackoverflow.com/help/mcve guidelines were formulated.
Output of the following command
jq '.data[] | select(.vulnerable_configuration_cpe_2_2 | contains(["2.4.38"]))' search1.json
gives me
{
"Modified": "2019-06-11T17:29:00.647000",
"Published": "2019-06-11T17:29:00.630000",
"cvss": "5.0",
"cwe": "CWE-399",
"id": "CVE-2019-0220",
"last-modified": "2019-06-25T06:15:10.627000",
"reason": "Text search",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"
],
"summary": "A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.",
"vulnerable_configuration": [
"cpe:2.3:a:apache:http_server:2.4.0",
"cpe:2.3:a:apache:http_server:2.4.1",
"cpe:2.3:a:apache:http_server:2.4.2",
"cpe:2.3:a:apache:http_server:2.4.3",
"cpe:2.3:a:apache:http_server:2.4.4",
"cpe:2.3:a:apache:http_server:2.4.6",
"cpe:2.3:a:apache:http_server:2.4.7",
"cpe:2.3:a:apache:http_server:2.4.8",
"cpe:2.3:a:apache:http_server:2.4.9",
"cpe:2.3:a:apache:http_server:2.4.10",
"cpe:2.3:a:apache:http_server:2.4.12",
"cpe:2.3:a:apache:http_server:2.4.14",
"cpe:2.3:a:apache:http_server:2.4.16",
"cpe:2.3:a:apache:http_server:2.4.17",
"cpe:2.3:a:apache:http_server:2.4.18",
"cpe:2.3:a:apache:http_server:2.4.19",
"cpe:2.3:a:apache:http_server:2.4.20",
"cpe:2.3:a:apache:http_server:2.4.21",
"cpe:2.3:a:apache:http_server:2.4.22",
"cpe:2.3:a:apache:http_server:2.4.23",
"cpe:2.3:a:apache:http_server:2.4.24",
"cpe:2.3:a:apache:http_server:2.4.25",
"cpe:2.3:a:apache:http_server:2.4.26",
"cpe:2.3:a:apache:http_server:2.4.27",
"cpe:2.3:a:apache:http_server:2.4.28",
"cpe:2.3:a:apache:http_server:2.4.29",
"cpe:2.3:a:apache:http_server:2.4.30",
"cpe:2.3:a:apache:http_server:2.4.32",
"cpe:2.3:a:apache:http_server:2.4.33",
"cpe:2.3:a:apache:http_server:2.4.34",
"cpe:2.3:a:apache:http_server:2.4.35",
"cpe:2.3:a:apache:http_server:2.4.36",
"cpe:2.3:a:apache:http_server:2.4.37",
"cpe:2.3:a:apache:http_server:2.4.38",
"cpe:2.3:o:opensuse:leap:15.0",
"cpe:2.3:o:opensuse:leap:42.3",
"cpe:2.3:o:debian:debian_linux:8.0",
"cpe:2.3:o:debian:debian_linux:9.0",
"cpe:2.3:o:fedoraproject:fedora:28",
"cpe:2.3:o:fedoraproject:fedora:29",
"cpe:2.3:o:fedoraproject:fedora:30",
"cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts",
"cpe:2.3:o:canonical:ubuntu_linux:18.10"
],
"vulnerable_configuration_cpe_2_2": [
"cpe:/a:apache:http_server:2.4.0",
"cpe:/a:apache:http_server:2.4.1",
"cpe:/a:apache:http_server:2.4.2",
"cpe:/a:apache:http_server:2.4.3",
"cpe:/a:apache:http_server:2.4.4",
"cpe:/a:apache:http_server:2.4.6",
"cpe:/a:apache:http_server:2.4.7",
"cpe:/a:apache:http_server:2.4.8",
"cpe:/a:apache:http_server:2.4.9",
"cpe:/a:apache:http_server:2.4.10",
"cpe:/a:apache:http_server:2.4.12",
"cpe:/a:apache:http_server:2.4.14",
"cpe:/a:apache:http_server:2.4.16",
"cpe:/a:apache:http_server:2.4.17",
"cpe:/a:apache:http_server:2.4.18",
"cpe:/a:apache:http_server:2.4.19",
"cpe:/a:apache:http_server:2.4.20",
"cpe:/a:apache:http_server:2.4.21",
"cpe:/a:apache:http_server:2.4.22",
"cpe:/a:apache:http_server:2.4.23",
"cpe:/a:apache:http_server:2.4.24",
"cpe:/a:apache:http_server:2.4.25",
"cpe:/a:apache:http_server:2.4.26",
"cpe:/a:apache:http_server:2.4.27",
"cpe:/a:apache:http_server:2.4.28",
"cpe:/a:apache:http_server:2.4.29",
"cpe:/a:apache:http_server:2.4.30",
"cpe:/a:apache:http_server:2.4.32",
"cpe:/a:apache:http_server:2.4.33",
"cpe:/a:apache:http_server:2.4.34",
"cpe:/a:apache:http_server:2.4.35",
"cpe:/a:apache:http_server:2.4.36",
"cpe:/a:apache:http_server:2.4.37",
"cpe:/a:apache:http_server:2.4.38",
"cpe:/o:opensuse:leap:15.0",
"cpe:/o:opensuse:leap:42.3",
"cpe:/o:debian:debian_linux:8.0",
"cpe:/o:debian:debian_linux:9.0",
"cpe:/o:fedoraproject:fedora:28",
"cpe:/o:fedoraproject:fedora:29",
"cpe:/o:fedoraproject:fedora:30",
"cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~",
"cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~",
"cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~",
"cpe:/o:canonical:ubuntu_linux:18.10"
]
}
{
"Modified": "2019-04-08T17:29:00.860000",
"Published": "2019-04-08T17:29:00.843000",
"cvss": "6.0",
"cwe": "CWE-362",
"id": "CVE-2019-0217",
"last-modified": "2019-05-13T23:29:03.847000",
"reason": "Text search",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"
],
"summary": "In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
"vulnerable_configuration": [
"cpe:2.3:a:apache:http_server:2.4.38",
"cpe:2.3:o:debian:debian_linux:8.0",
"cpe:2.3:o:debian:debian_linux:9.0",
"cpe:2.3:o:fedoraproject:fedora:29",
"cpe:2.3:o:fedoraproject:fedora:30",
"cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm",
"cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts",
"cpe:2.3:o:canonical:ubuntu_linux:18.10",
"cpe:2.3:o:redhat:enterprise_linux:7.0",
"cpe:2.3:o:opensuse:leap:15.0",
"cpe:2.3:o:opensuse:leap:42.3"
],
"vulnerable_configuration_cpe_2_2": [
"cpe:/a:apache:http_server:2.4.38",
"cpe:/o:debian:debian_linux:8.0",
"cpe:/o:debian:debian_linux:9.0",
"cpe:/o:fedoraproject:fedora:29",
"cpe:/o:fedoraproject:fedora:30",
"cpe:/o:canonical:ubuntu_linux:12.04::~~esm~~~",
"cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~",
"cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~",
"cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~",
"cpe:/o:canonical:ubuntu_linux:18.10",
"cpe:/o:redhat:enterprise_linux:7.0",
"cpe:/o:opensuse:leap:15.0",
"cpe:/o:opensuse:leap:42.3"
]
}
I just want to display all the possible fields in a simple table on the command line but I am not able to achieve it.
I tried the following command
echo $(jq '.data[] | select(.vulnerable_configuration_cpe_2_2 | contains(["2.4.38"]))' search1.json) | jq -r '.[] | "\(.summary)"'
but it gives me error
jq: error (at <stdin>:1): Cannot index string with string "summary"
I already researched about this and tried modifying this command but it sometimes gives me compilation error. I am sure I am making very stupid mistake somewhere
Expected Output
ID CWE CVSS Summary
xyz xyz xyz xyzxyzxyz
I figured it out myself
The correct command is
echo $(jq '.data[] | select(.vulnerable_configuration_cpe_2_2 | contains(["2.4.38"]))' search1.json) | jq -r '. | "\(.summary)"'
After jq -r there should be a . and not .[]
This question already has answers here:
jq: pass string argument without quotes
(3 answers)
Closed 4 years ago.
How do I pass a variable argument to JQ program that will be used as a filter. Since by default --arg passes the argument as a a string wrapped with quotes the same cannot be used to apply a filter.
here is the JQ program that finds a particular path in the given json and adds a static key value to that path but doesn't work because of the quotes issue.
--argjson name '{ "pattern": "XYZ"}' 'def p: "." + (paths | select(.[-1] == "p-enum") | .[0:-1] | join(".")) ; .|p += $name' sample.json
here is the sample json
{
"type": "object",
"description": "Contains information.",
"properties": {
"type": {
"description": "Type.",
"type": "string",
"p-enum": [
{
"value": "IND",
"description": "Ind."
},
{
"value": "PROP",
"description": "Prop."
}
]
}
}
}
Based on how I interpreted how you were using jq in your other question, it depends on how complicated your filter will be. Any argument that is to be interpreted by jq is not the way you should approach it. This is the equivalent of using eval() and is not only unsupported, but just not a good way to approach this.
If you're simply accessing a property of the input, you have a couple of ways using simple indexing or using getpath/1 for nested paths.
# indexing
# { "properties": ... }
$ jq --arg p 'properties' '.[$p]' input.json
# using getpath
# { "foo": { "bar": ... } }
$ jq --argjson path '["foo","bar"]' 'getpath($path)' input.json
I have the following output from a curl request which can differ based on success / failure of the request
Success:
{
"name": "appId (xxxxx-xxx-1234)",
"sent": 7939246,
"received": 6673490,
"details": [
{
"timestamp": "20180201000041",
"sentbytes": 1805,
"receivedbytes": 1485
}
]}
Failure:
{
"error": "Not found"
}
Can someone let me know how to check whether sent or error exists. I have tried
jq '. | select (.error | .sent)
but that does not seem to be the correct syntax.
Even shorter (no need for additional pipes):
jq '.sent or .error'
The output:
true
You were close.
jq '. | select(.error or .sent)'