Sta*_*min 1 linux null json jq
您好,我有一个 kubernets 审核日志文件,扩展名为 . 日志文件包含 json 记录数据。我想解析过滤器中的记录。
以下是文件中的示例记录
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"60cc3bf1-a04e-4db3-a343-98aaaea8c4a5","stage":"ResponseComplete","requestURI":"/api/v1/serviceaccounts?limit=500\u0026resourceVersion=0","verb":"list","user":{"username":"system:apiserver","uid":"7cded9c8-a35d-4e66-adf1-162ce37d5868","groups":["system:masters"]},"sourceIPs":["::1"],"userAgent":"kube-apiserver/v1.24.12 (linux/amd64) kubernetes/ef70d26","objectRef":{"resource":"serviceaccounts","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2023-04-06T15:10:46.594135Z","stageTimestamp":"2023-04-06T15:10:46.595016Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"1af73bde-3a0f-437d-a468-49da772d619d","stage":"ResponseComplete","requestURI":"/apis/batch/v1/namespaces/restricted-namespace/jobs?fieldManager=helm","verb":"create","user":{"username":"kubernetes-admin","groups":["system:masters","system:authenticated"]},"sourceIPs":["172.19.0.1"],"userAgent":"Go-http-client/2.0","objectRef":{"resource":"jobs","namespace":"restricted-namespace","name":"gateway-certgen","apiGroup":"batch","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":201},"requestReceivedTimestamp":"2023-04-06T15:14:02.625749Z","stageTimestamp":"2023-04-06T15:14:02.632035Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"","pod-security.kubernetes.io/audit-violations":"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"}}
我想过滤掉这些记录并打印每个记录中以下字段的值。
.annotations.pod-security.kubernetes.io/audit-violations
我正在使用这个命令,
cat kube-apiserver-audit.log | jq '.annotations."pod-security.kubernetes.io/audit-violations"'
但是它给出了以下输出
null
null
"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
null
null
null
null
知道如何从 jq 输出中删除空值吗?谢谢
过滤values器(参见手册)正是这样做的,过滤掉nulls 同时保留“值”:
.annotations."pod-security.kubernetes.io/audit-violations" | values
"would violate PodSecurity \"restricted:v1.24\": allowPrivilegeEscalation != false (container \"certgen\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"certgen\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"certgen\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"