Description
Overview
ESQL currently lacks native support for parsing and manipulating JSON or XML fields on the fly. Adding a JQ-like command, named ESJQ, would enable users to extract, filter, and transform deeply nested JSON or XML data directly within queries.
The ESJQ command would provide full power to extract any leaf node, filter arrays, modify structures, and more—similar to the popular jq tool for JSON.
Proposed Syntax
| ESJQ <field> <jq_expression>
<field>: JSON or XML field to process<jq_expression>: JQ-style filter expression
Example Usage
Extract nested JSON leaf node:
| ESJQ user_info '.user.details.address.city'
Filter array elements by condition:
| ESJQ event_data '.events[] | select(.type == "login")'
Add or modify JSON structure:
| ESJQ user_info '. + { "isActive": .status == "active" }'
Parse XML (if supported) and extract node:
| ESJQ xml_field 'fromxml | .root.element'
Benefits
- Enables powerful, flexible, on-the-fly JSON/XML transformations inside ESQL queries.
- Eliminates need for external preprocessing.
- Leverages full jq power to extract any nested leaf node or structure.
- Simplifies complex data analysis workflows involving structured fields.
Description
Overview
ESQL currently lacks native support for parsing and manipulating JSON or XML fields on the fly. Adding a
JQ-like command, namedESJQ, would enable users to extract, filter, and transform deeply nested JSON or XML data directly within queries.The
ESJQcommand would provide full power to extract any leaf node, filter arrays, modify structures, and more—similar to the popular jq tool for JSON.Proposed Syntax
<field>: JSON or XML field to process<jq_expression>: JQ-style filter expressionExample Usage
Extract nested JSON leaf node:
Filter array elements by condition:
Add or modify JSON structure:
Parse XML (if supported) and extract node:
Benefits