From https://stedolan.github.io/jq/:
jq is like sed for JSON data - you can use it to slice and filter and map and transform structured data with the same ease that sed, awk, grep and friends let you play with text.
We configure :ref:`zeek` and :ref:`suricata` to write logs to /nsm/ in JSON format. If you want to parse those logs from the command line, then you can use jq. Here's a basic example:
jq '.' /nsm/zeek/logs/current/conn.log
This command will parse all of the records in /nsm/zeek/logs/current/conn.log. For each of the records, it will then output every field and its value.
Note
For more information about jq, please see https://stedolan.github.io/jq/.