dnsdbq -V summarize doesn't identify query in JSON Lines output

Question

dnsdbq -V summarize doesn't identify query in JSON Lines output

stsauver opened this issue 2 years ago · 2 comments

Hi,

Assume you're running a set of dnsdbq -V summarize queries:

dnsdbq -r \*.firstdomain.tld -l0 -A90d -j -V summarize > output.jsonl
dnsdbq -r \*.seconddomain.tld -l0 -A90d -j -V summarize >> output.jsonl
[...]
dnsdbq -r \*.lastdomain.tld -l0 -A90d -j -V summarize >> output.jsonl

The results in output.jsonl are untagged as to the searched-for-term, e.g.:

{"count":63398,"num_results":1,"time_first":"2019-09-10 01:38:27","time_last":"2023-04-07 18:58:56"}
{"count":10403,"num_results":1,"time_first":"2020-01-14 09:17:13","time_last":"2023-04-07 05:55:08"}
[...]
{"count":487837,"num_results":1,"time_first":"2022-03-08 20:03:43","time_last":"2023-04-07 18:10:29"}

This makes it difficult to match the count and the num_results to the corresponding query, except by order of the queries and order of the responses.

Suggest including the RRname or Rdata search term as a field in that output (just as the RRname and Rdata get returned as part of the non-summarize'd "regular" dnsdbq query output), thereby making it easy to match summarize output with the query producing that output.

Thanks for considering this issue.

Answer 1 · 2023-04-10T22:19:40.000Z

would you prefer that the query term be added to the JSON result (which is otherwise unmodified from the API server), or that the API JSON result be encapsulated in a new JSON object having also the query term? or would it be better to ask the API server operator to add the query term to their JSON result? i'm fine with any of those outcomes, including, i'm willing to code up the first or the second.

Answer 2 · 2023-06-16T02:31:42.000Z

this was resolved by adding '-T qdetail'.