Searching array without using Index

We know that you would like to search for values inside arrays without having to specify an index, as the structure of the array can be dynamic and change in different log lines. So we listened. :slight_smile:

From today, you can search more easily and faster, without needing to specify any index.

What does that actually mean?

Let’s take the easiest example.

"people": [{
    "name": "a",
    "age": 20,
    "languages": ["english", "french"],
    "gadgets": {
        "computer": "mac",
        "phone": "apple"
    }
}, {
    "name": "b",
    "age": 21,
    "languages": ["spanish", "german"]
}]

And you wanted to search for the value “a” or even the value “English”:

where( = "a" OR ="a")

where(people.0.languages.0="english" OR people.0.languages.1="english")

Looks long and complicated?

Now you can query in the most readable and fastest way.

where(people.*.name = "a")


where(people.*.name = /regex/)

Let us know what you think :slight_smile:
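The difference between indexed and wildcard keys, modelled in Python on the sample event above. This is an added example, not part of the original post and not the product's implementation; `resolve` and `where` are hypothetical names, and allowing more than one `*` in a key is an assumption made here.

```python
import re

# Constructed sample event, mirroring the JSON in the post above.
EVENT = {"people": [
    {"name": "a", "age": 20, "languages": ["english", "french"],
     "gadgets": {"computer": "mac", "phone": "apple"}},
    {"name": "b", "age": 21, "languages": ["spanish", "german"]},
]}

def resolve(node, path):
    """Yield every value reached by a dotted path; '*' fans out over all array elements."""
    if not path:
        yield node
        return
    head, rest = path[0], path[1:]
    if head == "*":
        if isinstance(node, list):
            for item in node:
                yield from resolve(item, rest)
    elif isinstance(node, list):
        # A numeric segment is an explicit index, as in people.0.languages.1
        if head.isdigit() and int(head) < len(node):
            yield from resolve(node[int(head)], rest)
    elif isinstance(node, dict) and head in node:
        # Elements that lack the key (e.g. no "gadgets") simply yield nothing
        yield from resolve(node[head], rest)

def where(event, key, expected):
    """True if any value at `key` equals `expected`, or matches it when it is a compiled regex."""
    for value in resolve(event, key.split(".")):
        if isinstance(expected, re.Pattern):
            if isinstance(value, str) and expected.search(value):
                return True
        elif value == expected:
            return True
    return False
```

An indexed key only sees one position, so `where(EVENT, "people.0.languages.0", "french")` is false while `where(EVENT, "people.*.languages.*", "french")` is true regardless of element order.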



This is great and a huge help when the values we are looking for in the logs don’t line up in the same keyword throughout all the logs, although keep in mind that you cannot groupby(people.*.name).