Getting "Human" (ISO8601) Datetime Stamps From dnsdbq JSON lines-formatted Output

← Blog Home

RSS

By

1. Introduction

dnsdbq is a popular command-line client for accessing DNSDB API. dnsdbq can produce output in presentation format, CSV format, or JSON lines format. One issue that users sometimes run into when using the JSON lines format is that timestamps in the JSON lines format are left "raw," in "Unix epoch seconds." For example, let's look at one record from DNSDB for www.reed.edu in JSON lines format:

$ dnsdbq -r www.reed.edu -j -l 1
{"count":897725,"time_first":1277399572,"time_last":1540409659,"rrname":"www.reed.edu.","rrtype":"A","bailiwick":"reed.edu.","rdata":["134.10.2.252"]}

While there's nothing "wrong" or "improper" about timestamps expressed as Unix epoch seconds, many of us will prefer to convert them to a more easily read format, such as ISO8601 datetime format.

2. jq To The Rescue

jq is an oft-used tool for post-processing JSON Lines output. In this case, we'll use jq to reformat the Unix epoch second time stamps to ISO8601 dates. There are "many ways to get to the same place" in jq, but one solution to this problem is the following succinct transformation (.time_first |= todate)?//. applied to each of the four timefields that can be in dnsdbq’s output.

We’ll make this into a jq function rewrite_dates and save it into the jq init file. Create file ~/.jq (or append to an existing one) containing:

def rewrite_dates:
(.time_first |= todate)?//.
 | (.time_last |= todate)?//.
  | (.zone_time_first |= todate)?//.
   | (.zone_time_last |= todate)?//.;

Here's how to use it:

$ dnsdbq -r www.reed.edu -j -l 1 | jq rewrite_dates
{
  "count": 898126,
  "time_first": "2010-06-24T17:12:52Z",
  "time_last": "2018-10-25T19:52:55Z",
  "rrname": "www.reed.edu.",
  "rrtype": "A",
  "bailiwick": "reed.edu.",
  "rdata": [
    "134.10.2.252"
  ]
}

3. Conclusion

We hope this article has helped eliminate one potential problem when it comes to using dnsdbq, namely the issue of raw Unix epoch-second-format dates in JSON Lines format output. We also hope this article may inspire you to investigate the power of jq, and its many cool and useful capabilities.

David Waitzman is a Senior Distributed Systems Engineer for Farsight Security, Inc..


← Blog Home

Want to learn more?

Protect against cybercriminal activity in real-time.

Request a free demo