Alerts by .src_ip
echo;jq -c 'select(.alert)|[.src_ip,.alert.signature]' eve.json | tr -d '"[]' | grep -v '\:' | sort| uniq |sed '1i ip,alerta' | csvjson | jq ' group_by(.ip)[] | {(.[0].ip): [.[] |.alerta]}' | tr -d '"[]' | egrep -v '{|}' | colout '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' orange reverse
