Axiom Docs

Use the array_extract function to extract specific values from a dynamic array using a JSON path expression. You can use this function to transform structured array data, such as arrays of objects, into simpler arrays of scalars. This is useful when working with nested JSON-like structures where you need to extract only selected fields for analysis, visualization, or filtering. Use array_extract when:

You need to pull scalar values from arrays of objects.
You want to simplify a nested data structure before further analysis.
You are working with structured logs or metrics where key values are nested inside arrays.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Splunk SPL users

In Splunk SPL, you typically use spath with a wildcard or field extraction logic to navigate nested structures. APL’s array_extract uses JSON path syntax to extract array elements that match a given pattern.

| eval arr=mvappend("{\"id\":1,\"value\":true}", "{\"id\":2,\"value\":false}")
| spath input=arr path="{}.value" output=extracted_value

ANSI SQL users

ANSI SQL doesn’t offer native support for JSON path queries on arrays in standard syntax. While some engines support functions like JSON_VALUE or JSON_TABLE, they operate on single objects. APL’s array_extract provides a concise and expressive way to query arrays using JSON path.

SELECT JSON_EXTRACT(data, '$[*].value') AS extracted_value
FROM my_table;

Usage

Syntax

array_extract(sourceArray, jsonPath)

Parameters

Name	Type	Description
`sourceArray`	`dynamic`	A JSON-like dynamic array to extract values from.
`jsonPath`	`string`	A JSON path expression to select values from the array.

Returns

A dynamic array of values that match the JSON path expression. The function always returns an array, even when the path matches only one element or no elements.

Use case examples

Use array_extract to retrieve specific fields from structured arrays, such as arrays of request metadata.Query

['sample-http-logs']
| extend extracted_value = array_extract(dynamic([{'id': 1, 'value': true}, {'id': 2, 'value': false}]), @'$[*].value')
| project _time, extracted_value

Run in PlaygroundOutput

_time	extracted_value
Jun 24, 09:28:10	[“true”, “false”]
Jun 24, 09:28:10	[“true”, “false”]
Jun 24, 09:28:10	[“true”, “false”]

This query extracts the value field from an array of objects, returning a flat array of booleans in string form.

array_slice: Returns a subarray like array_extract, but supports negative indexing.
array_length: Returns the number of elements in an array. Useful before applying array_extract.
array_concat: Joins arrays end-to-end. Use before or after slicing arrays with array_extract.
array_index_of: Finds the position of an element in an array, which can help set the startIndex for array_extract.

Get started

Functions

Operators

Reference

Migration

array_extract

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

Get started

Functions

Operators

Reference

Migration

​For users of other query languages

​Usage

​Syntax

​Parameters

​Returns

​Use case examples

​List of related functions

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

List of related functions