我有以下 JSON(基于 nDPI 的输出):
{
"src_ip": "x.x.x.x",
"dest_ip": "x1.x1.x1.x1",
"src_port": 48318,
"dst_port": 443,
"ip": 4,
"proto": "TCP",
"ndpi": {
"flow_risk": {
"35": {
"risk": "Susp Entropy",
"severity": "Medium",
"risk_score": {
"total": 210,
"client": 165,
"server": 45
}
}
},
"confidence": {
"1": "Match by port"
},
"proto": "TLS",
"proto_id": "91",
"proto_by_ip": "Unknown",
"proto_by_ip_id": 0,
"encrypted": 1,
"breed": "Safe",
"category_id": 5,
"category": "Web"
},
"detection_completed": 1,
"check_extra_packets": 0,
"flow_id": 0,
"first_seen": 1733074272.824,
"last_seen": 1733074282.757,
"duration": 9.933,
"vlan_id": 0,
"bidirectional": 1,
"xfer": {
"data_ratio": -0.958,
"data_ratio_str": "Download",
"src2dst_packets": 1268,
"src2dst_bytes": 86239,
"src2dst_goodput_bytes": 2551,
"dst2src_packets": 2693,
"dst2src_bytes": 4042956,
"dst2src_goodput_bytes": 3865218
},
"iat": {
"flow_min": 1,
"flow_avg": 6.1,
"flow_max": 4005,
"flow_stddev": 108.3,
"c_to_s_min": 0,
"c_to_s_avg": 7.4,
"c_to_s_max": 4005,
"c_to_s_stddev": 137.8,
"s_to_c_min": 0,
"s_to_c_avg": 1.4,
"s_to_c_max": 35,
"s_to_c_stddev": 2.2
},
"pktlen": {
"c_to_s_min": 66,
"c_to_s_avg": 68.0,
"c_to_s_max": 514,
"c_to_s_stddev": 28.8,
"s_to_c_min": 66,
"s_to_c_avg": 1501.3,
"s_to_c_max": 1506,
"s_to_c_stddev": 76.6
},
"tcp_flags": {
"cwr_count": 0,
"ece_count": 0,
"urg_count": 0,
"ack_count": 3961,
"psh_count": 1323,
"rst_count": 0,
"syn_count": 0,
"fin_count": 0,
"src2dst_cwr_count": 0,
"src2dst_ece_count": 0,
"src2dst_urg_count": 0,
"src2dst_ack_count": 1268,
"src2dst_psh_count": 7,
"src2dst_rst_count": 0,
"src2dst_syn_count": 0,
"src2dst_fin_count": 0,
"dst2src_cwr_count": 0,
"dst2src_ece_count": 0,
"dst2src_urg_count": 0,
"dst2src_ack_count": 2693,
"dst2src_psh_count": 1316,
"dst2src_rst_count": 0,
"dst2src_syn_count": 0,
"dst2src_fin_count": 0
},
"c_to_s_init_win": 0,
"s_to_c_init_win": 0
}
我可以获得几乎所有的信息(src_ip、端口等),但有一处与 “flow_risk” 有关的问题:
{"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium"
其中的键是一个数字(本例中为 35)。这个数字可能不同(从 01 到 50),我不知道如何编写过滤器来匹配不同的数字。
目前我使用的过滤器是:
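# Print one comma-separated line per flow record in data.json.
# - The flow_risk lookup is hard-coded to the key "35"; a record whose risk id
#   is a different number yields "null" for the last two columns.
# - .ndpi.hostname does not appear in the sample record above, so it prints as
#   "null" unless the real data carries that field.
# - Values are interpolated unquoted: a string field containing ',' or '"'
#   (e.g. a hostname learned from the traffic itself) would shift the columns;
#   jq's @csv filter quotes such values if a strict CSV is needed.
# The original line ended with a stray ')' after the closing quote, which the
# shell rejects as a syntax error; it is removed here and the redundant
# "cat | jq" is replaced by passing the file directly to jq.
jq -r '"\(.src_ip),\(.src_port),\(.dest_ip),\(.dst_port),\(.proto),\(.ndpi.proto),\(.ndpi.category),\(.ndpi.hostname),\(.duration),\(.vlan_id),\(.xfer.src2dst_bytes),\(.xfer.dst2src_bytes),\(.ndpi.flow_risk."35".risk),\(.ndpi.flow_risk."35".severity)"' data.json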
当数字正好是 35 时这个过滤器可以工作,但 jq 是否支持类似通配符的写法?
我的意思是,怎样才能同时匹配多个数字?(例如搜索 01 到 50 的所有键)
类似于
\(.ndpi.flow_risk."*".risk),\(.ndpi.flow_risk."*".severity)"')
谢谢 !