{"id":16421749,"url":"https://github.com/peppelinux/pyjq","last_synced_at":"2025-10-26T22:30:44.302Z","repository":{"id":62581160,"uuid":"253654227","full_name":"peppelinux/pyjq","owner":"peppelinux","description":"A simple Python package to Query over Json Data","archived":false,"fork":false,"pushed_at":"2020-04-09T14:05:31.000Z","size":70,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-12-24T20:37:32.188Z","etag":null,"topics":["django","json","wazuh"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/peppelinux.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-04-07T01:13:46.000Z","updated_at":"2022-10-20T14:47:24.000Z","dependencies_parsed_at":"2022-11-03T20:48:53.275Z","dependency_job_id":null,"html_url":"https://github.com/peppelinux/pyjq","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2Fpyjq","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2Fpyjq/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2Fpyjq/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2Fpyjq/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/peppelinux","download_url":"https://codeload.github.com/peppelinux/pyjq/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories
_count":236604518,"owners_count":19175850,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["django","json","wazuh"],"created_at":"2024-10-11T07:34:39.835Z","updated_at":"2025-10-26T22:30:39.039Z","avatar_url":"https://github.com/peppelinux.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pyjq\n\nA simple Python package to query JSON data.\n\n## Features\n\n- Supports pure JSON files\n- Supports multiple JSON objects in a file, delimited by newlines (\\n)\n- Supports gzipped files\n- Supports customizable filters\n- Supports pure datetime range filters\n\n## Todo\n\nThe filters could easily be extended by adopting the [Python3 stdlib operator](https://docs.python.org/3/library/operator.html) module.\nSee `pyjq.PyJQ.filter` to extend the ops mapping.\n\n## Installation\n\n````\npip install pyjq-ng\n````\n\n## Example data\n\nSee `example/alerts.json`.\npyjq works line by line (split on \\n).\nIt has been used for Wazuh alert JSON files and Django dumps.\n\n````\npyjq -j examples/django_dump.json -limit 2 -filter 'fields__original_url == https://google.com'\npyjq -j examples/django_dump.json -limit 2 -filter 'model == urlshortener.urlshortener'\n````\n\n## Usage\n\n'agent__name' is an example of the namespace used by pyjq to access nested children. 
In other words, it means `json['agent']['name']`.\nThere is no limit on the number of nested elements.\n\nApply custom filters with AND and OR operators on a Wazuh alert file\n````\npyjq -j ../Scaricati/alerts.json -filter 'agent__ip == 172.16.16.102 and agent__name == telegram-gw or agent__ip == 172.16.16.108'\n````\n\nContains operator\n````\npyjq -j ../Scaricati/alerts.json -filter 'rule__description in iptables and agent__name == dev-bastion'\n````\n\nConvert a specified field to a pure datetime object and filter within a specified range\n````\npyjq -j ../Scaricati/alerts.json -start_datetime 2020-04-06T10:22:00 -end_datetime 2020-04-06T13:22:00 -datetime_field timestamp\n````\n\nRealtime reading: it only takes the latest entries, delimited by newline \\n\n````\npyjq -j /var/ossec/logs/alerts/alerts.json -datetime_field timestamp -realtime\n````\n\nUse a gzipped JSON file directly\n````\npyjq -j ../Scaricati/alerts.json.gzip\n````\n\nLimit results to 2\n````\npyjq -j ../Scaricati/alerts.json  -limit 2\n````\n\nRealtime monitoring of a specific entity\n````\npyjq -j /var/ossec/logs/alerts/alerts.json -realtime -filter 'agent__name == tinyurl and rule__level == 3'\n````\n\nCustom callback, useful for bot integration and other pub/sub APIs\n````\npython3 pyjq -j examples/alerts.json -realtime -filter 'agent__name == tinyurl and rule__description in ssh' -callback 'examples.callback.things'\n````\n\nReading from stdin\n````\ncat examples/alerts.json | python3 ./pyjq -filter 'rule__level \u003e 3'\n\n# continuous processing\ntail -f  /tmp/alerts.json | python3 ./pyjq -filter 'location != osquery'\n````\n\n## Author\n\nGiuseppe De Marco \u003cgiuseppe.demarco@unical.it\u003e\n\n## Credits\n\nWazuh SIEM group 
@GarrLab\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeppelinux%2Fpyjq","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpeppelinux%2Fpyjq","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeppelinux%2Fpyjq/lists"}