search

TomonoriSoejima / Tejun

notes related to working cases
5 stars 3 forks source link

some jq that sometimes I need to recreate. #106

Open TomonoriSoejima opened 1 year ago

TomonoriSoejima commented 1 year ago 
cat ./commercial/ilm_policies.json | jq 'to_entries[] | select(.key == ".monitoring-8-ilm-policy") | .value'

cat api-diagnostics-20230217-020719/commercial/ilm_policies.json | jq -r  'to_entries[] | select(.key == ".monitoring-8-ilm-policy") | .value.in_use_by.indices[]' 

cat commercial/security_roles.json  | jq  'to_entries[] | select(.key == "Datadog-Role")'  | less

cat local-diagnostics-20230303-052529/settings.json | jq 'to_entries[].value | select((.settings.index.routing.allocation.include._tier_preference)| not)'

cat pipelines.json | jq -r  'to_entries[] | select(.key == "filebeat-7.17.6-fortinet-sec-firewall-pipeline")' > filebeat-7.17.6-fortinet-sec-firewall-pipeline.json
TomonoriSoejima commented 1 year ago

looking around legacy template templates.json 

cat templates.json | jq 'to_entries[] | select(.key == "monitoring-data") | .value'
cat templates.json | jq 'to_entries[] | select(.key == ".monitoring-es") | .value | del(.mappings)'
TomonoriSoejima commented 11 months ago

LM har file

cat new.kb.asia-northeast1.gcp.cloud.es.io.har | jq '.log.entries[].request | select (.url | contains("anomaly_search")) | .postData.text' | less

cat new.kb.asia-northeast1.gcp.cloud.es.io.har | jq '.log.entries[].request | select (.url | contains("anomaly_search")) | .postData' | jq -s .[0].text

cat new.kb.asia-northeast1.gcp.cloud.es.io.har | jq '.log.entries[].request | select (.url | contains("anomaly_search")) | .postData' | jq -sr .[0].text | jq 

{
  "query": {
    "body": {
      "size": 0,
      "query": {
        "bool": {
          "filter": [
            {
              "query_string": {
                "query": "result_type:model_plot",
                "analyze_wildcard": true
              }
            },
            {
              "bool": {
                "must": [
                  {
                    "term": {
                      "job_id": "tomoresponse_code_rates"
                    }
                  },
                  {
                    "range": {
                      "timestamp": {
                        "gte": 1691884800000,
                        "lte": 1692781199999,
                        "format": "epoch_millis"
                      }
                    }
                  },
                  {
                    "term": {
                      "partition_field_name": "response.keyword"
                    }
                  },
                  {
                    "term": {
                      "partition_field_value": "200"
                    }
                  }
                ],
                "should": [
                  {
                    "term": {
                      "detector_index": 0
                    }
                  },
                  {
                    "bool": {
                      "must_not": [
                        {
                          "exists": {
                            "field": "detector_index"
                          }
                        }
                      ]
                    }
                  }
                ],
                "minimum_should_match": 1
              }
            }
          ]
        }
      },
      "aggs": {
        "times": {
          "date_histogram": {
            "field": "timestamp",
            "fixed_interval": "3600000ms",
            "min_doc_count": 0
          },
          "aggs": {
            "actual": {
              "avg": {
                "field": "actual"
              }
            },
            "modelUpper": {
              "max": {
                "field": "model_upper"
              }
            },
            "modelLower": {
              "min": {
                "field": "model_lower"
              }
            }
          }
        }
      }
    }
  },
  "jobIds": [
    "tomoresponse_code_rates"
  ]
}
TomonoriSoejima commented 4 months ago

cat nodes.json | jq -r '.nodes | to_entries | map(select(.value.roles | index("data_hot"))) | map(.value.name) | .[]'

instance-0000000046
instance-0000000045
instance-0000000035
instance-0000000047
instance-0000000059
instance-0000000062
instance-0000000034
instance-0000000044
instance-0000000061
instance-0000000063
instance-0000000060
instance-0000000043
TomonoriSoejima commented 4 months ago

jq '.index_templates[] | select(.index_template.template.settings.index.number_of_replicas != null and .index_template.template.settings.index.number_of_replicas != "8") | del(.index_template.template.mappings, .index_template.template.settings.index.query)' index_templates.json