I need to extract some fields from the JSON below. It comes from AWS CloudTrail, and I'm having a hard time figuring this out.

The fields I need are:

userIdentity.userName
eventTime
awsRegion
sourceIPAddress
responseElements.ConsoleLogin
eventID

JSON

{
  "eventVersion": "x.xx",
  "userIdentity": {
    "type": "xxxxxxxxxx",
    "principalId": "xxxxxxxxxx",
    "arn": "xxxxxxxxxx",
    "accountId": "xxxxxxxxxx",
    "userName": "xxxxxxxxxx"
  },
  "eventTime": "2020-07-15T08:50:35Z",
  "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin",
  "awsRegion": "xxxxxxxxxx",
  "sourceIPAddress": "xxxxxxxxxx",
  "userAgent": "xxxxxxxxxx",
  "requestParameters": null,
  "responseElements": {
    "ConsoleLogin": "Success"
  },
  "additionalEventData": {
    "LoginTo": "xxxxxxxxxx",
    "MobileVersion": "xxxxxxxxxx",
    "MFAUsed": "xxxxxxxxxx"
  },
  "eventID": "xxxxxxxxxx",
  "eventType": "xxxxxxxxxx",
  "recipientAccountId": "xxxxxxxxxx"
}
1 Answer

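# CloudTrailEvent is a JSON document stored as a string: the first jq unwraps it (-r),
# the second jq selects the fields. Filters are quoted so the shell does not glob on [].
aws --region <region> cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=ConsoleLogin --max-items 1 --output json | \
jq -r '.Events[].CloudTrailEvent' | \
jq '.userIdentity.userName, .eventTime, .awsRegion, .sourceIPAddress, .responseElements.ConsoleLogin, .eventID'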
Answered 2020-07-15T11:18:09.120
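
The same extraction in Python, as an added example that is not part of the original question or answer: it decodes the string-encoded `CloudTrailEvent` field of `lookup-events` output and pulls the six requested fields, returning `None` where a level is missing or null (as `requestParameters` is in the sample above). The helper names `dig` and `extract_logins` and the sample records are constructed for illustration.

```python
import json

# The six fields the question asks for, as dotted paths into a CloudTrail record.
FIELDS = (
    "userIdentity.userName",
    "eventTime",
    "awsRegion",
    "sourceIPAddress",
    "responseElements.ConsoleLogin",
    "eventID",
)


def dig(record, dotted_path, default=None):
    """Walk a dotted path, returning default if any level is missing or null."""
    node = record
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or node.get(key) is None:
            return default
        node = node[key]
    return node


def extract_logins(lookup_output):
    """Yield one dict per event from `cloudtrail lookup-events --output json` text."""
    for event in json.loads(lookup_output).get("Events", []):
        # CloudTrailEvent is itself a JSON document stored as a string.
        record = json.loads(event["CloudTrailEvent"])
        yield {path: dig(record, path) for path in FIELDS}


# Constructed sample: one complete record, one with no userName and null responseElements.
SAMPLE = json.dumps({"Events": [
    {"CloudTrailEvent": json.dumps({
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "eventTime": "2020-07-15T08:50:35Z", "awsRegion": "us-east-1",
        "sourceIPAddress": "192.0.2.10",
        "responseElements": {"ConsoleLogin": "Success"},
        "eventID": "00000000-0000-0000-0000-000000000001"})},
    {"CloudTrailEvent": json.dumps({
        "userIdentity": {"type": "Root"},
        "eventTime": "2020-07-15T09:00:00Z", "awsRegion": "us-east-1",
        "sourceIPAddress": "192.0.2.11",
        "responseElements": None,
        "eventID": "00000000-0000-0000-0000-000000000002"})},
]})

if __name__ == "__main__":
    for row in extract_logins(SAMPLE):
        print("\t".join(str(row[p]) for p in FIELDS))
```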