jq Cheatsheet

Power user.

Overview

jq is the command-line JSON processor that turns API responses and log lines into scriptable data. Five primitive operations cover almost every operator interaction: select, filter, transform, format, aggregate.

• Field selection. .field, .[0], .users[] all extract data. The query language reads like a path.
• Filtering. select() filters arrays based on conditions. Pipelines stay short.
• Transformation. map(), with_entries(), to_entries() reshape structures. Replaces multi-step shell parsing.
• Output and aggregation. -r removes quotes for shell-friendly output; length, group_by, max, min all are first-class for analysis.

The approach

Three habits separate fluent jq from beginner jq: start narrow, expand with pipes, and switch to raw output when scripting.

• jq '.users[].name'. Extract field from array. The simplest useful query and a common entry point.
• jq '.[] | select(.status == "active")'. Filter by condition. Precise extraction without grep gymnastics.
• jq '. | length' and -r for scripts. Count items, then drop quotes with -r when piping into other shell tools.
• jq 'group_by(.region) | map({region: .[0].region, count: length})'. Group-and-summarise in one pipeline. Replaces a multi-step Python script.

Why this compounds

jq fluency compounds because modern systems are JSON-first. Every API response, every Kubernetes object, every Datadog query result reads through the same five primitives.

• Faster API debugging. jq one-liners replace manual JSON reading. Investigations that took minutes finish in seconds.
• Better script composition. jq in pipelines produces structured input and output. Shell scripts get cleaner.
• Universal applicability. Modern systems are JSON-first. The same toolset serves AWS APIs, Kubernetes, and observability platforms.
• Year-one investment, year-two habit. The first quarter is hostile; the second is fluent. By year two, jq queries write themselves.