如何在使用jq提取数据时去除空值?

huangapple go评论64阅读模式
英文:

How to remove null values while extracting data with jq?

问题

以下是您要翻译的内容:

"Hi I am having a kubernets audit log file with . The log file has data as json records. I would like to parse the filter out the records.

The following is a sample couple of records in the file

{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"60cc3bf1-a04e-4db3-a343-98aaaea8c4a5","stage":"ResponseComplete","requestURI":"/api/v1/serviceaccounts?limit=500\u0026resourceVersion=0","verb":"list","user":{"username":"system:apiserver","uid":"7cded9c8-a35d-4e66-adf1-162ce37d5868","groups":["system:masters"]},"sourceIPs":["::1"],"userAgent":"kube-apiserver/v1.24.12 (linux/amd64) kubernetes/ef70d26","objectRef":{"resource":"serviceaccounts","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2023-04-06T15:10:46.594135Z","stageTimestamp":"2023-04-06T15:10:46.595016Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"1af73bde-3a0f-437d-a468-49da772d619d","stage":"ResponseComplete","requestURI":"/apis/batch/v1/namespaces/restricted-namespace/jobs?fieldManager=helm","verb":"create","user":{"username":"kubernetes-admin","groups":["system:masters","system:authenticated"]},"sourceIPs":["172.19.0.1"],"userAgent":"Go-http-client/2.0","objectRef":{"resource":"jobs","namespace":"restricted-namespace","name":"gateway-certgen","apiGroup":"batch","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":201},"requestReceivedTimestamp":"2023-04-06T15:14:02.625749Z","stageTimestamp":"2023-04-06T15:14:02.632035Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"","pod-security.kubernetes.io/audit-violations":"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"}}

I would like to filter out those records and print the values of the following field from each of the records.

.annotations.pod-security.kubernetes.io/audit-violations

i am using this command,

 cat kube-apiserver-audit.log | jq '.annotations."pod-security.kubernetes.io/audit-violations"'

however it gives the followign output

null
null
"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
null
null
null
null

any idea how can i remove the null values from the jq output ?"

请注意,上述内容已经排除了代码部分,只提供了翻译好的文本。如果您需要任何其他帮助,请随时告诉我。

英文:

Hi I am having a kubernets audit log file with . The log file has data as json records. I would like to parse the filter out the records.

The following is a sample couple of records in the file

{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"60cc3bf1-a04e-4db3-a343-98aaaea8c4a5","stage":"ResponseComplete","requestURI":"/api/v1/serviceaccounts?limit=500\u0026resourceVersion=0","verb":"list","user":{"username":"system:apiserver","uid":"7cded9c8-a35d-4e66-adf1-162ce37d5868","groups":["system:masters"]},"sourceIPs":["::1"],"userAgent":"kube-apiserver/v1.24.12 (linux/amd64) kubernetes/ef70d26","objectRef":{"resource":"serviceaccounts","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2023-04-06T15:10:46.594135Z","stageTimestamp":"2023-04-06T15:10:46.595016Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"1af73bde-3a0f-437d-a468-49da772d619d","stage":"ResponseComplete","requestURI":"/apis/batch/v1/namespaces/restricted-namespace/jobs?fieldManager=helm","verb":"create","user":{"username":"kubernetes-admin","groups":["system:masters","system:authenticated"]},"sourceIPs":["172.19.0.1"],"userAgent":"Go-http-client/2.0","objectRef":{"resource":"jobs","namespace":"restricted-namespace","name":"gateway-certgen","apiGroup":"batch","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":201},"requestReceivedTimestamp":"2023-04-06T15:14:02.625749Z","stageTimestamp":"2023-04-06T15:14:02.632035Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"","pod-security.kubernetes.io/audit-violations":"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"}}

I would like to filter out those records and print the values of the following field from each of the records.

.annotations.pod-security.kubernetes.io/audit-violations

i am using this command,

 cat kube-apiserver-audit.log | jq '.annotations."pod-security.kubernetes.io/audit-violations"'

however it gives the followign output

null
null
"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
null
null
null
null

any idea how can i remove the null values from the jq output ?
thank you

答案1

得分: 5

The values filter (see the manual) does exactly that, filtering out nulls while keeping the "values":

.annotations."pod-security.kubernetes.io/audit-violations" | values
"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "certgen" must set securityContext.capabilities.drop=["ALL"]), seccompProfile (pod or container "certgen" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")"

Demo

英文:

The values filter (see the manual) does exactly that, filtering out nulls while keeping the "values":

.annotations."pod-security.kubernetes.io/audit-violations" | values
"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"

Demo

答案2

得分: 1

你可以使用select来过滤。

jq -r '.annotations."pod-security.kubernetes.io/audit-violations" | select(. != null)'
英文:

You can use select to filter.

jq -r '.annotations."pod-security.kubernetes.io/audit-violations" | select(. != null)'

huangapple
  • 本文由 发表于 2023年4月7日 01:25:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/75952221.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定