Skip to main content

choose

Description

The choose command removes all keypaths not explicitly specified. This allows you to extract and reshape only the data you need from a larger log document.

note

The choose command supports nested key paths and aliasing in the output, making it useful for simplifying complex documents.

Syntax

(choose|select) <keypath1> [as <new_keypath>], <keypath2> [as <new_keypath>], ...

Example

Use case: Extract, flatten, and transform key values from log documents

We have logs containing detailed HTTP request metadata, but we only want to keep a few key fields—specifically the request path, status code, and number of bytes received. We’ll also add a static field to mark the report author and perform a calculation to convert bytes to megabytes.

Example data

{
    "status_code": 200,
    "user": "Chris",
    "path": "/home",
    "http_request": {
        "metrics": {
            "bytes_metrics": {
            "bytes_received": 57819
            }
        }
    }
}

Example query

choose status_code, user as report_author

Example output

{
    "status_code": 200,
    "report_author": "Chris"
}

The choose command extracts only the requested fields, flattens nested keypaths, adds a calculated value, and includes a constant metadata field for easy tracking or reporting.

Was this page helpful?
Need help? Contact Support.
What's new? Find out here.
LLM? Read llms.txt.