AWSのcloudtrailのイベントをCLIで取得しようとすると、結果がJson形式で出力されます。
そのままですと見づらいので「Username」「EventTime」「EventName」のみを出力させるため、以下のようにコマンドを実行しました。
aws cloudtrail lookup-events --output json | jq '.Events[]' | jq '.Username,.EventTime,.EventName'
この場合、「Username」「EventTime」「EventName」が1行にまとまらず、改行が入ってしまいます。
===
"root"
1433738037
"RebootInstances"
===
これを、"root":1433738037:"RebootInstances"のように1行に出力させたいのですが、どのようにコマンドを実行すればよいのでしょうか。
■以下、JSON形式の出力結果(一部値を変更しています)
{
"Events": [
{
"EventId": "452ee0a8-4897-4145-b0f5-123456789",
"Username": "root",
"EventTime": 1433738037.0,
"CloudTrailEvent": "{"eventVersion":"1.02","userIdentity":{"type":"Root","principalId":"123456789","arn":"arn:aws:iam::123456789:root","accountId":"123456789","accessKeyId":"hogehoge","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2015-06-08T04:31:59Z"}}},"eventTime":"2015-06-08T04:33:57Z","eventSource":"ec2.amazonaws.com","eventName":"RebootInstances","awsRegion":"ap-northeast-1","sourceIPAddress":"1.2.3.4","userAgent":"console.ec2.amazonaws.com","requestParameters":{"instancesSet":{"items":[{"instanceId":"i-123456"}]}},"responseElements":{"_return":true},"requestID":"5cf67047-3035-4543-ae15-123456789","eventID":"452ee0a8-4897-4145-b0f5-123456789","eventType":"AwsApiCall","recipientAccountId":"123456789"}",
"EventName": "RebootInstances",
"Resources": [
{
"ResourceType": "AWS::EC2::Instance",
"ResourceName": "i-123456"
}
]
},
{
"EventId": "f3094eba-c427-4d28-900e-123456789",
"Username": "root",
"EventTime": 1433737919.0,
"CloudTrailEvent": "{"eventVersion":"1.02","userIdentity":{"type":"Root","principalId":"123456789","arn":"arn:aws:iam::123456789:root","accountId":"123456789"},"eventTime":"2015-06-08T04:31:59Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","awsRegion":"us-east-1","sourceIPAddress":"1.2.3.4","userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36","requestParameters":null,"responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"LoginTo":"https://console.aws.amazon.com/console/home?nc2\u003dh_m_mc\u0026state\u003dhashArgs%23\u0026isauthcode\u003dtrue","MobileVersion":"No","MFAUsed":"No"},"eventID":"f3094eba-c427-4d28-900e-123456789","eventType":"AwsApiCall","recipientAccountId":"123456789"}",
"EventName": "ConsoleLogin",
"Resources": []
}
]
}
回答2件
あなたの回答
tips
プレビュー
バッドをするには、ログインかつ
こちらの条件を満たす必要があります。
2015/06/09 00:56