英文:
How to remove null values while extracting data with jq?
问题
以下是您要翻译的内容:
"Hi I am having a kubernets audit log file with . The log file has data as json records. I would like to parse the filter out the records.
The following is a sample couple of records in the file
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"60cc3bf1-a04e-4db3-a343-98aaaea8c4a5","stage":"ResponseComplete","requestURI":"/api/v1/serviceaccounts?limit=500\u0026resourceVersion=0","verb":"list","user":{"username":"system:apiserver","uid":"7cded9c8-a35d-4e66-adf1-162ce37d5868","groups":["system:masters"]},"sourceIPs":["::1"],"userAgent":"kube-apiserver/v1.24.12 (linux/amd64) kubernetes/ef70d26","objectRef":{"resource":"serviceaccounts","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2023-04-06T15:10:46.594135Z","stageTimestamp":"2023-04-06T15:10:46.595016Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"1af73bde-3a0f-437d-a468-49da772d619d","stage":"ResponseComplete","requestURI":"/apis/batch/v1/namespaces/restricted-namespace/jobs?fieldManager=helm","verb":"create","user":{"username":"kubernetes-admin","groups":["system:masters","system:authenticated"]},"sourceIPs":["172.19.0.1"],"userAgent":"Go-http-client/2.0","objectRef":{"resource":"jobs","namespace":"restricted-namespace","name":"gateway-certgen","apiGroup":"batch","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":201},"requestReceivedTimestamp":"2023-04-06T15:14:02.625749Z","stageTimestamp":"2023-04-06T15:14:02.632035Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"","pod-security.kubernetes.io/audit-violations":"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"}}
I would like to filter out those records and print the values of the following field from each of the records.
.annotations.pod-security.kubernetes.io/audit-violations
i am using this command,
cat kube-apiserver-audit.log | jq '.annotations."pod-security.kubernetes.io/audit-violations"'
however it gives the followign output
null
null
"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
null
null
null
null
any idea how can i remove the null values from the jq output ?"
请注意,上述内容已经排除了代码部分,只提供了翻译好的文本。如果您需要任何其他帮助,请随时告诉我。
英文:
Hi I am having a kubernets audit log file with . The log file has data as json records. I would like to parse the filter out the records.
The following is a sample couple of records in the file
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"60cc3bf1-a04e-4db3-a343-98aaaea8c4a5","stage":"ResponseComplete","requestURI":"/api/v1/serviceaccounts?limit=500\u0026resourceVersion=0","verb":"list","user":{"username":"system:apiserver","uid":"7cded9c8-a35d-4e66-adf1-162ce37d5868","groups":["system:masters"]},"sourceIPs":["::1"],"userAgent":"kube-apiserver/v1.24.12 (linux/amd64) kubernetes/ef70d26","objectRef":{"resource":"serviceaccounts","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2023-04-06T15:10:46.594135Z","stageTimestamp":"2023-04-06T15:10:46.595016Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"1af73bde-3a0f-437d-a468-49da772d619d","stage":"ResponseComplete","requestURI":"/apis/batch/v1/namespaces/restricted-namespace/jobs?fieldManager=helm","verb":"create","user":{"username":"kubernetes-admin","groups":["system:masters","system:authenticated"]},"sourceIPs":["172.19.0.1"],"userAgent":"Go-http-client/2.0","objectRef":{"resource":"jobs","namespace":"restricted-namespace","name":"gateway-certgen","apiGroup":"batch","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":201},"requestReceivedTimestamp":"2023-04-06T15:14:02.625749Z","stageTimestamp":"2023-04-06T15:14:02.632035Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"","pod-security.kubernetes.io/audit-violations":"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"}}
I would like to filter out those records and print the values of the following field from each of the records.
.annotations.pod-security.kubernetes.io/audit-violations
i am using this command,
cat kube-apiserver-audit.log | jq '.annotations."pod-security.kubernetes.io/audit-violations"'
however it gives the followign output
null
null
"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
null
null
null
null
any idea how can i remove the null values from the jq output ?
thank you
答案1
得分: 5
The values filter (see the manual) does exactly that, filtering out nulls while keeping the "values":
.annotations."pod-security.kubernetes.io/audit-violations" | values
"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "certgen" must set securityContext.capabilities.drop=["ALL"]), seccompProfile (pod or container "certgen" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")"
英文:
The values filter (see the manual) does exactly that, filtering out nulls while keeping the "values":
.annotations."pod-security.kubernetes.io/audit-violations" | values
"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
答案2
得分: 1
你可以使用select来过滤。
jq -r '.annotations."pod-security.kubernetes.io/audit-violations" | select(. != null)'
英文:
You can use select to filter.
jq -r '.annotations."pod-security.kubernetes.io/audit-violations" | select(. != null)'
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论