This tool allows you to filter dnstap data using JSON Pointer expressions and get the matching data printed in a JSON format.
This allows you to for example filter on a combination of question name and specific DNS message ID like so:
$ dtq -file file.dnstap -filter '"/Msg/Question/0/Name" == "www.domain.example." and "/Msg/MsgHdr/Id" == 1337'
{
"Dnstap": {
"type": 1,
"message": {
"type": 6,
"socket_family": 2,
[...]
}
},
"Msg": {
"Id": 1337,
"Response": true,
"Opcode": 0,
"Authoritative": false,
"Truncated": false,
"RecursionDesired": true,
"RecursionAvailable": true,
"Zero": false,
"AuthenticatedData": false,
"CheckingDisabled": false,
"Rcode": 0,
"Question": [
{
"Name": "www.domain.example.",
"Qtype": 1,
"Qclass": 1
}
],
[...]
}
}