One of our services produces logs of the form:
{
"level": \d+
...
"data": {
"items": [ {...item}, {...item} ...],
...
"otherKey": null
}
"msg": "searchable log message"
}
note that the value for otherKey
is not quoted
how would I find logs where data.items is an empty array? I can’t find any sort of array length filters.
How would I find where data.otherKey is null? | json key="data.otherKey" | key = null
results in a parsing error.