![]() “type_description”: “A user visited a potential phishing domain. ![]() “title”: “Account ? visited a suspicious link” “type_description”: “A user has accessed a link URL on a tracked threat list.” “type”: “Account Visits Suspicious Link”, This is what you need: jq -r '.hostcomponents map (.HostRoles. HostRoles.hostname join (',')' No, that's wrong. The error received is not always the same, however, if I apply the same filter is a jq query tester online, using the same exact JSON being fed to the plugin, the output array does process perfectly. 4 Answers Sorted by: 135 Do it in jq, but see Kusalananda's answer first jq -r '.hostcomponents. I have the same issue when extracting specific keys from objects using a similar filter. The input is an array of objects as seen below. The error in this particular case is: ‘action input JSON was invalid’. the expected output should be an array of strings. Somehow when running a jq query on the data below (which is only a subset of the larger JSON) to extract and output only an array of IDs, I receive errors. To consume the results in your workflow as json, you can just run the results through a type converter 'string to object` step. If you’re familiar with powershell and piping objects from commandlet to commandlet, this should be a familiar pattern.įinally, in InsightConnect, the jq plugin produces a string. You can think of it as creating a new json object. The pipe operator ( |) takes the output from the previous statement as the input to the current one. In this example, we’ve leveraged a select statement and we’ve converted our string to lower-case so we don’t have to worry about a key coming through in mixed case. "answer": "I've got a bad case of the Mondays!" For example, if a plugin returns something like this: Sometimes we just need the same data in a new format. Perhaps an example is the best place to get started: jq is someplace between a query language and a template language - it incorporates elements of both with templated output but also with select-style filtering. Depending on how you structure your query, it can output valid json or simple text. ![]() It can be used to filter, reformat, and extract data from within a json object. Jq is a tool for searching json data and reformatting it into various output formats. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |