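I am using curl to pull Alien Vault OTX pulses from their API. The initial output I receive is in JSON format, and I need to convert this JSON to CSV so that it can be read by some other software. My aim is to use jq, as many people have recommended it.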
{ "count": 1210, "next": "https://otx.alienvault.com/api/v1/pulses/subscribed?page=2", "results": [
{
"industries": [],
"tlp": "white",
"description": "Tropic Trooper (also known as KeyBoy) levels its campaigns against Taiwanese, Philippine, and Hong Kong targets, focusing on their government, healthcare, transportation, and high-tech industries. Its operators are believed to be very organized and develop their own cyberespionage tools that they fine-tuned in their recent campaigns. Many of the tools they use now feature new behaviors, including a change in the way they maintain a foothold in the targeted network.",
"created": "2018-03-14T17:24:48.014000",
"tags": [
"china",
"keyboy",
"tropic trooper"
],
"modified": "2018-03-14T17:24:48.014000",
"author_name": "AlienVault",
"public": 1,
"extract_source": [],
"references": [
"https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/"
],
"targeted_countries": [],
"indicators": [
{
"indicator": "CVE-2018-0802",
"description": "",
"created": "2018-03-14T17:25:03",
"title": "",
"content": "",
"type": "CVE",
"id": 406248965
},
{
"indicator": "fb9c9cbf6925de8c7b6ce8e7a8d5290e628be0b82a58f3e968426c0f734f38f6",
"description": "",
"created": "2018-03-14T17:25:03",
"title": "",
"content": "",
"type": "FileHash-SHA256",
"id": 438581959
}
],
"more_indicators": false,
"revision": 1,
"adversary": "Tropic Trooper",
"id": "5aa95ae02781860367e354e4",
"name": "Tropic Troopers New Strategy"
}
I would like to use jq to extract certain fields and convert them to CSV. My expected output looks like:
"CVE-2018-0802","CVE"
"tibetnews.today","domain"
"02281e26e89b61d84e2df66a0eeb729c5babd94607b1422505cd388843dd5456","FileHash-SHA256"
So far I have tried:
<AV.json jq -r '.results.indicators[] | [.indicator, .type] | @csv' AV.csv
Any help is much appreciated.
Cheers,
George
Answer 0: (score: 1)
.results is an array, so you have to expand it as well. This can be done with:
.results[] | .indicators[] | [.indicator, .type] | @csv
Or more compactly:
.results[].indicators[] | [.indicator, .type] | @csv
You also have to direct the output to the designated file, e.g.:
jq -r -f program.jq < AV.json > AV.csv
"CVE-2018-0802","CVE"
"fb9c9cbf6925de8c7b6ce8e7a8d5290e628be0b82a58f3e968426c0f734f38f6","FileHash-SHA256"
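The same extraction as the jq filter in the answer, written in Python as an added example (not part of the original question or answer) for cases where the CSV feeds another tool and repeated indicators or pulses without an "indicators" key need handling. The sample data, the function names and the `types`/`dedupe` parameters are assumptions made for illustration.

```python
import csv
import io
import json

# Constructed sample shaped like the OTX response in the question: three pulses,
# one without an "indicators" key and one repeating an indicator.
SAMPLE = json.loads("""
{"count": 3, "next": null, "results": [
  {"name": "pulse-a", "indicators": [
    {"indicator": "CVE-2018-0802", "type": "CVE"},
    {"indicator": "example.test", "type": "domain"}]},
  {"name": "pulse-b"},
  {"name": "pulse-c", "indicators": [
    {"indicator": "example.test", "type": "domain"}]}
]}
""")


def iter_indicators(page):
    """Yield (indicator, type) pairs, like .results[].indicators[] in jq."""
    results = page["results"]
    if not isinstance(results, list):
        # "results" is an array of pulses, so it must be iterated, not indexed.
        raise TypeError("'results' must be an array of pulses")
    for pulse in results:
        # .get() tolerates pulses with no indicators (jq: .indicators[]?)
        for ioc in pulse.get("indicators", []):
            yield ioc["indicator"], ioc["type"]


def indicators_to_csv(page, types=None, dedupe=True):
    """Return CSV text with every field quoted, as jq's @csv does for strings."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    seen = set()
    for row in iter_indicators(page):
        if types is not None and row[1] not in types:
            continue  # keep only the requested indicator types
        if dedupe and row in seen:
            continue  # the same indicator often appears in several pulses
        seen.add(row)
        writer.writerow(row)
    return out.getvalue()


if __name__ == "__main__":
    print(indicators_to_csv(SAMPLE), end="")
```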