philippreston/gist:1be530df004d305fe42523ffa8dc4a50

Last active November 10, 2021 09:10

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/philippreston/1be530df004d305fe42523ffa8dc4a50.js"></script>
Save philippreston/1be530df004d305fe42523ffa8dc4a50 to your computer and use it in GitHub Desktop.

Download ZIP

JQ Search and Convert NanoSecond Epoch

Raw

gistfile1.txt

cat /audited_events.json | jq  -c '. | select((.type | contains("ARP")) and .metadata.ip_addr == "10.2.2.61") | (.timestamp /= 1000000000) | (.timestamp |= todate)' > arp_10.2.2.61.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment