Skip to main content

jsonArrayContains Search Operator

Use the jsonArrayContains operator to determine whether a JSON array contains a particular item.

Syntax

jsonArrayContains(<jsonArrayField>, <stringField>)

The <jsonArrayField> argument is a field that contains a string in JSON array format (for example, ["foo", "bar"]). <stringField> is a string to check against the items of that array (for example, "foo"). If the item is in the array, it returns true; otherwise it returns false.

Examples

Filter logs where a tags array contains a specific value

_sourceCategory=application/events
| parse "tags=*," as tags
| where jsonArrayContains(tags, "critical")

Create a boolean field indicating array membership

_sourceCategory=application/events
| parse "roles=*}" as roles
| jsonArrayContains(roles, "admin") as is_admin
| where is_admin = true
Status
Legal
Privacy Statement
Terms of Use
CA Privacy Notice

Copyright © 2026 by Sumo Logic, Inc.