鉴于下面显示的JSON摘录,我可以使用jtc
提取这些字段。但是我无法获得下面的“状态:问题”字段。感谢您的帮助。
<events.json jtc -w'<title>l' -w'<^environment:>R' -w'<host>l' -w'<date_happened>l' -w'<^name:>R' -w'<Status:>l'
"CPU Utilization Alert is ok on 50 over 50 host,names"
"environment:prod"
"i-0e4b192579a9b423b"
1573502725
"name:app2_backend-prod"
{
"events": [
{
"alert_type": "success",
"children": [
{
"alert_type": "error",
"date_happened": 1573502725,
"id": "5188183926379101887"
},
{
"alert_type": "success",
"date_happened": 1573503145,
"id": "5188190972457497744"
}
],
"comments": [],
"date_happened": 1573502725,
"device_name": null,
"host": "i-0e4b192579a9b423b",
"id": 5188183933173874377,
"is_aggregate": true,
"priority": "normal",
"resource": "/api/v1/events/5188183933173874377",
"source": "Monitor Alert",
"tags": [
"autoscaling_group:app2_backend-asg-prod",
"availability-zone:us-east-1b",
"datadog-agent:true",
"environment:prod",
"host:i-0e4b192579a9b423b",
"iam_profile:app2_backend_instance_profile",
"image:ami-2769055d",
"instance-type:m4.large",
"kernel:none",
"monitor",
"name:app2_backend-prod",
"region:us-east-1",
"role:app2_backend",
"security-group:sg-04bacd76",
"security-group:sg-0a30f49295ece70c9",
"security-group:sg-0c121cf3defc0b22d",
"security-group:sg-249eb156",
"security-group:sg-2f4e4f5c",
"security-group:sg-af82addd",
"security-group:sg-b6c7ddc4",
"security-group:sg-cf85aabd",
"siteconfig:true"
],
"text": "%%%\nQuery recovered on host:i-0e4b192579a9b423b,name:app2_backend-prod \n\n![snapshot](https://p.datadoghq.com/snapshot/view/dd-snapshots-prod/org_125488/2019-11-11/87f3217c72423a6ba45a1e8e096bb07ff02c08f3.png)\n\n{{#is_alert}} \nStatus: Problem\nHost: {{name.name}} \nHost ID: {{host.name}}\nHost IP: {{host.ip}}\n{{/is_alert}}\n\n{{#is_warning}} \nStatus: Problem\nHost: {{name.name}} \nHost ID: {{host.name}}\nHost IP: {{host.ip}}\n{{/is_warning}}\n\n\n{{#is_recovery}} \nStatus: OK\nHost: {{name.name}} \nHost ID: {{host.name}}\nHost IP: {{host.ip}}\n{{/is_recovery}}\n\n @bbarton@signatureinfo.com\n\n- - -\n\n[[Monitor Status](/monitors#2785042?)] \u00b7 [[Edit Monitor](/monitors#2785042/edit)] \u00b7 [[Related Logs](/logs?query=)]\n%%%",
"title": "CPU Utilization Alert is ok on 50 over 50 host,names",
"url": "/event/event?id=5188183933173874377"
},
答案 0 :(得分:0)
在Status: Problem
字段中有两次text
的遭遇,假设您希望使用正则表达式搜索可以在两者之间输入文本:
bash $ <events.json jtc -w'[text]:<nStatus: Problem(.*)(?=Status: Problem)>R' -T'{{$1}}'
"\nHost: {{name.name}} \nHost ID: {{host.name}}\nHost IP: {{host.ip}}\n{{/is_alert}}\n\n{{#is_warning}} \n"
bash $
您还可以通过添加-qq
选项取消对文本的引用:
bash $ <events.json jtc -w'[text]:<nStatus: Problem(.*)(?=Status: Problem)>R' -T'{{$1}}' -qq
Host: {{name.name}}
Host ID: {{host.name}}
Host IP: {{host.ip}}
{{/is_alert}}
{{#is_warning}}
bash $
结果查询如下:
bash $ <events.json jtc -w'<title>l' -w'<^environment:>R' -w'<host>l' -w'<date_happened>l' -w'<^name:>R' -w'[text]:<Status: Problem(.*)(?=Status: Problem)>R' -T'{{$1}}'
"CPU Utilization Alert is ok on 50 over 50 host,names"
"environment:prod"
"i-0e4b192579a9b423b"
1573502725
"name:app2_backend-prod"
"\nHost: {{name.name}} \nHost ID: {{host.name}}\nHost IP: {{host.ip}}\n{{/is_alert}}\n\n{{#is_warning}} \n"
bash $