jq Power User Cheatsheet

jq for incident response. The expressions that save time.

Filter

.[] | select(.status == "error") | .id finds error IDs.

Faster than grep for JSON.

Aggregate

group_by(.service) | map({service: .[0].service, count: length}) groups by service.

Aggregations without sed/awk.

Transform

{a: .x, b: .y | tonumber} reshapes data.

Pipeable; chains nicely.