I am parsing Elastic logs that look like

    $ cat my_log_file.txt
    {"level": "INFO", "message": "foo"}
    {"level": "WARN", "message": "bar"}
    {"level": "WARN", "message": "baz"}

Because they're one per line, formerly I have used jq -s to slurp them into an actual array that I can run map on:

    jq -s 'map(.message) | unique' my_log_file.txt

Now I want to select out only lines that have level != "INFO". I should be able to just use this cookbook recipe, but again jq is having trouble with each line being a separate object and not in an array.

I can't use slurp, because it doesn't work with this command:

    jq 'select(."level" != "INFO")' my_log_file.txt

But when I want to map to .message again, I get the same error I got before when I wasn't using slurp:

    $ jq 'select(."level" != "INFO") | map(.message) | unique' my_log_file.txt
    jq: error (at <stdin>:90): Cannot index string with string "message"

How can I convert my records midstream -- after the select is done, to convert the result from

    {"level": "WARN", "message": "bar"}
    {"level": "WARN", "message": "bar"}

to

    [
      {"level": "WARN", "message": "bar"},
      {"level": "WARN", "message": "bar"}
    ]

I heard that inputs was designed to replace slurp, but when I tried

    $ jq 'select(."level" != "INFO") | [inputs]' my_log_file.txt

that ignored my select and I had a list of every message again.
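
An added example, not part of the original question: two ways to filter a stream of one-object-per-line records and collect the result into a single array. It assumes jq is installed; the function names and sample log lines are constructed for illustration.

```shell
# Constructed sample input: one JSON object per line, as in the question.
sample_log() {
  cat <<'EOF'
{"level": "INFO", "message": "foo"}
{"level": "WARN", "message": "bar"}
{"level": "WARN", "message": "baz"}
{"level": "WARN", "message": "bar"}
{"level": "ERROR", "message": "qux"}
EOF
}

# Without -n, jq reads one record into `.` before the filter runs, so
# `select(...) | [inputs]` tests only that record and then collects the
# remaining records unfiltered.
# With -n nothing is pre-read: `inputs` yields every record, select()
# filters each one, and the surrounding [...] gathers the survivors into
# one array that unique can sort and de-duplicate.
non_info_messages() {
  jq -n -c '[inputs | select(.level != "INFO") | .message] | unique' "$@"
}

# Slurp variant: -s builds the array first, so select() has to run inside
# map() to see each element rather than the array itself.
non_info_messages_slurp() {
  jq -s -c 'map(select(.level != "INFO") | .message) | unique' "$@"
}

sample_log | non_info_messages        # → ["bar","baz","qux"]
sample_log | non_info_messages_slurp  # → ["bar","baz","qux"]
```

Both functions also accept file names as arguments, for example `non_info_messages my_log_file.txt`.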