Merge branch 'main' into feat/json-qb-tests

chore: align usage of negative operators in JSON Body (#10758 )
* feat: enable JSON Path index * fix: contextual path index usage * test: fix unit tests * feat: align negative operators to include other logs * fix: primitive conditions working * fix: indexed tests passing * fix: array type filtering from dynamic arrays * fix: unit tests * fix: remove not used paths from testdata * fix: unit tests * fix: comment * fix: indexed unit tests * fix: array json element comparison * feat: change filtering of dynamic arrays * fix: dynamic array tests * fix: stringified integer value input * fix: better review for test file * fix: negative operator check * ci: lint changes * ci: lint fix
2026-04-07 20:50:26 +01:00 · 2026-04-07 21:49:21 +05:30 · 2026-04-07 15:51:26 +00:00 · 2026-04-07 11:49:26 +00:00 · 2026-04-07 11:10:48 +00:00 · 2026-04-07 16:22:26 +05:30
30 changed files with 3196 additions and 1148 deletions
--- a/.github/workflows/integrationci.yaml
+++ b/.github/workflows/integrationci.yaml
@@ -52,6 +52,7 @@ jobs:
          - ingestionkeys
          - rootuser
          - serviceaccount
+          - querier_json_body
        sqlstore-provider:
          - postgres
          - sqlite
--- a/frontend/src/AppRoutes/Private.tsx
+++ b/frontend/src/AppRoutes/Private.tsx
@@ -1,4 +1,4 @@
-import { ReactChild, useCallback, useEffect, useMemo, useState } from 'react';
+import { ReactChild, useCallback, useMemo } from 'react';
 import { matchPath, Redirect, useLocation } from 'react-router-dom';
 import getLocalStorageApi from 'api/browser/localstorage/get';
 import setLocalStorageApi from 'api/browser/localstorage/set';
@@ -8,12 +8,10 @@ import { LOCALSTORAGE } from 'constants/localStorage';
 import { ORG_PREFERENCES } from 'constants/orgPreferences';
 import ROUTES from 'constants/routes';
 import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
-import history from 'lib/history';
 import { isEmpty } from 'lodash-es';
 import { useAppContext } from 'providers/App/App';
 import { LicensePlatform, LicenseState } from 'types/api/licensesV3/getActive';
 import { OrgPreference } from 'types/api/preferences/preference';
-import { Organization } from 'types/api/user/getOrganization';
 import { USER_ROLES } from 'types/roles';
 import { routePermission } from 'utils/permission';

@@ -25,6 +23,7 @@ import routes, {
 	SUPPORT_ROUTE,
 } from './routes';

+// eslint-disable-next-line sonarjs/cognitive-complexity
 function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 	const location = useLocation();
 	const { pathname } = location;
@@ -57,7 +56,12 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 	const currentRoute = mapRoutes.get('current');
 	const { isCloudUser: isCloudUserVal } = useGetTenantLicense();

-	const [orgData, setOrgData] = useState<Organization | undefined>(undefined);
+	const orgData = useMemo(() => {
+		if (org && org.length > 0 && org[0].id !== undefined) {
+			return org[0];
+		}
+		return undefined;
+	}, [org]);

 	const { data: usersData, isFetching: isFetchingUsers } = useListUsers({
 		query: {
@@ -75,214 +79,7 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 		return remainingUsers.length === 1;
 	}, [usersData?.data]);

-	useEffect(() => {
-		if (
-			isCloudUserVal &&
-			!isFetchingOrgPreferences &&
-			orgPreferences &&
-			!isFetchingUsers &&
-			usersData &&
-			usersData.data
-		) {
-			const isOnboardingComplete = orgPreferences?.find(
-				(preference: OrgPreference) =>
-					preference.name === ORG_PREFERENCES.ORG_ONBOARDING,
-			)?.value;
-
-			// Don't redirect to onboarding if workspace has issues (blocked, suspended, or restricted)
-			// User needs access to settings/billing to fix payment issues
-			const isWorkspaceBlocked = trialInfo?.workSpaceBlock;
-			const isWorkspaceSuspended = activeLicense?.state === LicenseState.DEFAULTED;
-			const isWorkspaceAccessRestricted =
-				activeLicense?.state === LicenseState.TERMINATED ||
-				activeLicense?.state === LicenseState.EXPIRED ||
-				activeLicense?.state === LicenseState.CANCELLED;
-
-			const hasWorkspaceIssue =
-				isWorkspaceBlocked || isWorkspaceSuspended || isWorkspaceAccessRestricted;
-
-			if (hasWorkspaceIssue) {
-				return;
-			}
-
-			const isFirstUser = checkFirstTimeUser();
-			if (
-				isFirstUser &&
-				!isOnboardingComplete &&
-				// if the current route is allowed to be overriden by org onboarding then only do the same
-				!ROUTES_NOT_TO_BE_OVERRIDEN.includes(pathname)
-			) {
-				history.push(ROUTES.ONBOARDING);
-			}
-		}
-	}, [
-		checkFirstTimeUser,
-		isCloudUserVal,
-		isFetchingOrgPreferences,
-		isFetchingUsers,
-		orgPreferences,
-		usersData,
-		pathname,
-		trialInfo?.workSpaceBlock,
-		activeLicense?.state,
-	]);
-
-	const navigateToWorkSpaceBlocked = useCallback((): void => {
-		const isRouteEnabledForWorkspaceBlockedState =
-			isAdmin &&
-			(pathname === ROUTES.SETTINGS ||
-				pathname === ROUTES.ORG_SETTINGS ||
-				pathname === ROUTES.MEMBERS_SETTINGS ||
-				pathname === ROUTES.BILLING ||
-				pathname === ROUTES.MY_SETTINGS);
-
-		if (
-			pathname &&
-			pathname !== ROUTES.WORKSPACE_LOCKED &&
-			!isRouteEnabledForWorkspaceBlockedState
-		) {
-			history.push(ROUTES.WORKSPACE_LOCKED);
-		}
-	}, [isAdmin, pathname]);
-
-	const navigateToWorkSpaceAccessRestricted = useCallback((): void => {
-		if (pathname && pathname !== ROUTES.WORKSPACE_ACCESS_RESTRICTED) {
-			history.push(ROUTES.WORKSPACE_ACCESS_RESTRICTED);
-		}
-	}, [pathname]);
-
-	useEffect(() => {
-		if (!isFetchingActiveLicense && activeLicense) {
-			const isTerminated = activeLicense.state === LicenseState.TERMINATED;
-			const isExpired = activeLicense.state === LicenseState.EXPIRED;
-			const isCancelled = activeLicense.state === LicenseState.CANCELLED;
-
-			const isWorkspaceAccessRestricted = isTerminated || isExpired || isCancelled;
-
-			const { platform } = activeLicense;
-
-			if (isWorkspaceAccessRestricted && platform === LicensePlatform.CLOUD) {
-				navigateToWorkSpaceAccessRestricted();
-			}
-		}
-	}, [
-		isFetchingActiveLicense,
-		activeLicense,
-		navigateToWorkSpaceAccessRestricted,
-	]);
-
-	useEffect(() => {
-		if (!isFetchingActiveLicense) {
-			const shouldBlockWorkspace = trialInfo?.workSpaceBlock;
-
-			if (
-				shouldBlockWorkspace &&
-				activeLicense?.platform === LicensePlatform.CLOUD
-			) {
-				navigateToWorkSpaceBlocked();
-			}
-		}
-	}, [
-		isFetchingActiveLicense,
-		trialInfo?.workSpaceBlock,
-		activeLicense?.platform,
-		navigateToWorkSpaceBlocked,
-	]);
-
-	const navigateToWorkSpaceSuspended = useCallback((): void => {
-		if (pathname && pathname !== ROUTES.WORKSPACE_SUSPENDED) {
-			history.push(ROUTES.WORKSPACE_SUSPENDED);
-		}
-	}, [pathname]);
-
-	useEffect(() => {
-		if (!isFetchingActiveLicense && activeLicense) {
-			const shouldSuspendWorkspace =
-				activeLicense.state === LicenseState.DEFAULTED;
-
-			if (
-				shouldSuspendWorkspace &&
-				activeLicense.platform === LicensePlatform.CLOUD
-			) {
-				navigateToWorkSpaceSuspended();
-			}
-		}
-	}, [isFetchingActiveLicense, activeLicense, navigateToWorkSpaceSuspended]);
-
-	useEffect(() => {
-		if (org && org.length > 0 && org[0].id !== undefined) {
-			setOrgData(org[0]);
-		}
-	}, [org]);
-
-	// if the feature flag is enabled and the current route is /get-started then redirect to /get-started-with-signoz-cloud
-	useEffect(() => {
-		if (
-			currentRoute?.path === ROUTES.GET_STARTED &&
-			featureFlags?.find((e) => e.name === FeatureKeys.ONBOARDING_V3)?.active
-		) {
-			history.push(ROUTES.GET_STARTED_WITH_CLOUD);
-		}
-	}, [currentRoute, featureFlags]);
-
-	// eslint-disable-next-line sonarjs/cognitive-complexity
-	useEffect(() => {
-		// if it is an old route navigate to the new route
-		if (isOldRoute) {
-			// this will be handled by the redirect component below
-			return;
-		}
-
-		// if the current route is public dashboard then don't redirect to login
-		const isPublicDashboard = currentRoute?.path === ROUTES.PUBLIC_DASHBOARD;
-
-		if (isPublicDashboard) {
-			return;
-		}
-
-		// if the current route
-		if (currentRoute) {
-			const { isPrivate, key } = currentRoute;
-			if (isPrivate) {
-				if (isLoggedInState) {
-					const route = routePermission[key];
-					if (route && route.find((e) => e === user.role) === undefined) {
-						history.push(ROUTES.UN_AUTHORIZED);
-					}
-				} else {
-					setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, pathname);
-					history.push(ROUTES.LOGIN);
-				}
-			} else if (isLoggedInState) {
-				const fromPathname = getLocalStorageApi(
-					LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT,
-				);
-				if (fromPathname) {
-					history.push(fromPathname);
-					setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, '');
-				} else if (pathname !== ROUTES.SOMETHING_WENT_WRONG) {
-					history.push(ROUTES.HOME);
-				}
-			} else {
-				// do nothing as the unauthenticated routes are LOGIN and SIGNUP and the LOGIN container takes care of routing to signup if
-				// setup is not completed
-			}
-		} else if (isLoggedInState) {
-			const fromPathname = getLocalStorageApi(
-				LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT,
-			);
-			if (fromPathname) {
-				history.push(fromPathname);
-				setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, '');
-			} else {
-				history.push(ROUTES.HOME);
-			}
-		} else {
-			setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, pathname);
-			history.push(ROUTES.LOGIN);
-		}
-	}, [isLoggedInState, pathname, user, isOldRoute, currentRoute, location]);
-
+	// Handle old routes - redirect to new routes
 	if (isOldRoute) {
 		const redirectUrl = oldNewRoutesMapping[pathname];
 		return (
@@ -296,7 +93,143 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 		);
 	}

-	// NOTE: disabling this rule as there is no need to have div
+	// Public dashboard - no redirect needed
+	const isPublicDashboard = currentRoute?.path === ROUTES.PUBLIC_DASHBOARD;
+	if (isPublicDashboard) {
+		return <>{children}</>;
+	}
+
+	// Check for workspace access restriction (cloud only)
+	const isCloudPlatform = activeLicense?.platform === LicensePlatform.CLOUD;
+
+	if (!isFetchingActiveLicense && activeLicense && isCloudPlatform) {
+		const isTerminated = activeLicense.state === LicenseState.TERMINATED;
+		const isExpired = activeLicense.state === LicenseState.EXPIRED;
+		const isCancelled = activeLicense.state === LicenseState.CANCELLED;
+		const isWorkspaceAccessRestricted = isTerminated || isExpired || isCancelled;
+
+		if (
+			isWorkspaceAccessRestricted &&
+			pathname !== ROUTES.WORKSPACE_ACCESS_RESTRICTED
+		) {
+			return <Redirect to={ROUTES.WORKSPACE_ACCESS_RESTRICTED} />;
+		}
+
+		// Check for workspace suspended (DEFAULTED)
+		const shouldSuspendWorkspace = activeLicense.state === LicenseState.DEFAULTED;
+		if (shouldSuspendWorkspace && pathname !== ROUTES.WORKSPACE_SUSPENDED) {
+			return <Redirect to={ROUTES.WORKSPACE_SUSPENDED} />;
+		}
+	}
+
+	// Check for workspace blocked (trial expired)
+	if (!isFetchingActiveLicense && isCloudPlatform && trialInfo?.workSpaceBlock) {
+		const isRouteEnabledForWorkspaceBlockedState =
+			isAdmin &&
+			(pathname === ROUTES.SETTINGS ||
+				pathname === ROUTES.ORG_SETTINGS ||
+				pathname === ROUTES.MEMBERS_SETTINGS ||
+				pathname === ROUTES.BILLING ||
+				pathname === ROUTES.MY_SETTINGS);
+
+		if (
+			pathname !== ROUTES.WORKSPACE_LOCKED &&
+			!isRouteEnabledForWorkspaceBlockedState
+		) {
+			return <Redirect to={ROUTES.WORKSPACE_LOCKED} />;
+		}
+	}
+
+	// Check for onboarding redirect (cloud users, first user, onboarding not complete)
+	if (
+		isCloudUserVal &&
+		!isFetchingOrgPreferences &&
+		orgPreferences &&
+		!isFetchingUsers &&
+		usersData &&
+		usersData.data
+	) {
+		const isOnboardingComplete = orgPreferences?.find(
+			(preference: OrgPreference) =>
+				preference.name === ORG_PREFERENCES.ORG_ONBOARDING,
+		)?.value;
+
+		// Don't redirect to onboarding if workspace has issues
+		const isWorkspaceBlocked = trialInfo?.workSpaceBlock;
+		const isWorkspaceSuspended = activeLicense?.state === LicenseState.DEFAULTED;
+		const isWorkspaceAccessRestricted =
+			activeLicense?.state === LicenseState.TERMINATED ||
+			activeLicense?.state === LicenseState.EXPIRED ||
+			activeLicense?.state === LicenseState.CANCELLED;
+
+		const hasWorkspaceIssue =
+			isWorkspaceBlocked || isWorkspaceSuspended || isWorkspaceAccessRestricted;
+
+		if (!hasWorkspaceIssue) {
+			const isFirstUser = checkFirstTimeUser();
+			if (
+				isFirstUser &&
+				!isOnboardingComplete &&
+				!ROUTES_NOT_TO_BE_OVERRIDEN.includes(pathname) &&
+				pathname !== ROUTES.ONBOARDING
+			) {
+				return <Redirect to={ROUTES.ONBOARDING} />;
+			}
+		}
+	}
+
+	// Check for GET_STARTED → GET_STARTED_WITH_CLOUD redirect (feature flag)
+	if (
+		currentRoute?.path === ROUTES.GET_STARTED &&
+		featureFlags?.find((e) => e.name === FeatureKeys.ONBOARDING_V3)?.active
+	) {
+		return <Redirect to={ROUTES.GET_STARTED_WITH_CLOUD} />;
+	}
+
+	// Main routing logic
+	if (currentRoute) {
+		const { isPrivate, key } = currentRoute;
+		if (isPrivate) {
+			if (isLoggedInState) {
+				const route = routePermission[key];
+				if (route && route.find((e) => e === user.role) === undefined) {
+					return <Redirect to={ROUTES.UN_AUTHORIZED} />;
+				}
+			} else {
+				// Save current path and redirect to login
+				setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, pathname);
+				return <Redirect to={ROUTES.LOGIN} />;
+			}
+		} else if (isLoggedInState) {
+			// Non-private route, but user is logged in
+			const fromPathname = getLocalStorageApi(
+				LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT,
+			);
+			if (fromPathname) {
+				setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, '');
+				return <Redirect to={fromPathname} />;
+			}
+			if (pathname !== ROUTES.SOMETHING_WENT_WRONG) {
+				return <Redirect to={ROUTES.HOME} />;
+			}
+		}
+		// Non-private route, user not logged in - let login/signup pages handle it
+	} else if (isLoggedInState) {
+		// Unknown route, logged in
+		const fromPathname = getLocalStorageApi(
+			LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT,
+		);
+		if (fromPathname) {
+			setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, '');
+			return <Redirect to={fromPathname} />;
+		}
+		return <Redirect to={ROUTES.HOME} />;
+	} else {
+		// Unknown route, not logged in
+		setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, pathname);
+		return <Redirect to={ROUTES.LOGIN} />;
+	}
+
 	return <>{children}</>;
 }

--- a/frontend/src/AppRoutes/tests/Private.test.tsx
+++ b/frontend/src/AppRoutes/tests/Private.test.tsx
@@ -6,7 +6,6 @@ import { FeatureKeys } from 'constants/features';
 import { LOCALSTORAGE } from 'constants/localStorage';
 import { ORG_PREFERENCES } from 'constants/orgPreferences';
 import ROUTES from 'constants/routes';
-import history from 'lib/history';
 import { AppContext } from 'providers/App/App';
 import { IAppContext, IUser } from 'providers/App/types';
 import {
@@ -22,19 +21,6 @@ import { ROLES, USER_ROLES } from 'types/roles';

 import PrivateRoute from '../Private';

-// Mock history module
-jest.mock('lib/history', () => ({
-	__esModule: true,
-	default: {
-		push: jest.fn(),
-		location: { pathname: '/', search: '', hash: '' },
-		listen: jest.fn(),
-		createHref: jest.fn(),
-	},
-}));
-
-const mockHistoryPush = history.push as jest.Mock;
-
 // Mock localStorage APIs
 const mockLocalStorage: Record<string, string> = {};
 jest.mock('api/browser/localstorage/get', () => ({
@@ -239,20 +225,18 @@ function renderPrivateRoute(options: RenderPrivateRouteOptions = {}): void {
 }

 // Generic assertion helpers for navigation behavior
-// Using these allows easier refactoring when switching from history.push to Redirect component
+// Using location-based assertions since Private.tsx now uses Redirect component

 async function assertRedirectsTo(targetRoute: string): Promise<void> {
 	await waitFor(() => {
-		expect(mockHistoryPush).toHaveBeenCalledWith(targetRoute);
+		expect(screen.getByTestId('location-display')).toHaveTextContent(targetRoute);
 	});
 }

-function assertNoRedirect(): void {
-	expect(mockHistoryPush).not.toHaveBeenCalled();
-}
-
-function assertDoesNotRedirectTo(targetRoute: string): void {
-	expect(mockHistoryPush).not.toHaveBeenCalledWith(targetRoute);
+function assertStaysOnRoute(expectedRoute: string): void {
+	expect(screen.getByTestId('location-display')).toHaveTextContent(
+		expectedRoute,
+	);
 }

 function assertRendersChildren(): void {
@@ -350,7 +334,7 @@ describe('PrivateRoute', () => {
 			});

 			assertRendersChildren();
-			assertNoRedirect();
+			assertStaysOnRoute('/public/dashboard/abc123');
 		});

 		it('should render children for public dashboard route when logged in without redirecting', () => {
@@ -362,7 +346,7 @@ describe('PrivateRoute', () => {
 			assertRendersChildren();
 			// Critical: without the isPublicDashboard early return, logged-in users
 			// would be redirected to HOME due to the non-private route handling
-			assertNoRedirect();
+			assertStaysOnRoute('/public/dashboard/abc123');
 		});
 	});

@@ -420,7 +404,7 @@ describe('PrivateRoute', () => {
 			});

 			assertRendersChildren();
-			assertNoRedirect();
+			assertStaysOnRoute(ROUTES.HOME);
 		});

 		it('should redirect to unauthorized when VIEWER tries to access admin-only route /alerts/new', async () => {
@@ -529,7 +513,7 @@ describe('PrivateRoute', () => {
 				appContext: { isLoggedIn: true },
 			});

-			assertDoesNotRedirectTo(ROUTES.HOME);
+			assertStaysOnRoute(ROUTES.SOMETHING_WENT_WRONG);
 		});
 	});

@@ -541,7 +525,7 @@ describe('PrivateRoute', () => {
 			});

 			// Should not redirect - login page handles its own routing
-			assertNoRedirect();
+			assertStaysOnRoute(ROUTES.LOGIN);
 		});

 		it('should not redirect when not logged in user visits signup page', () => {
@@ -550,7 +534,7 @@ describe('PrivateRoute', () => {
 				appContext: { isLoggedIn: false },
 			});

-			assertNoRedirect();
+			assertStaysOnRoute(ROUTES.SIGN_UP);
 		});

 		it('should not redirect when not logged in user visits password reset page', () => {
@@ -559,7 +543,7 @@ describe('PrivateRoute', () => {
 				appContext: { isLoggedIn: false },
 			});

-			assertNoRedirect();
+			assertStaysOnRoute(ROUTES.PASSWORD_RESET);
 		});

 		it('should not redirect when not logged in user visits forgot password page', () => {
@@ -568,7 +552,7 @@ describe('PrivateRoute', () => {
 				appContext: { isLoggedIn: false },
 			});

-			assertNoRedirect();
+			assertStaysOnRoute(ROUTES.FORGOT_PASSWORD);
 		});
 	});

@@ -657,7 +641,7 @@ describe('PrivateRoute', () => {
 			});

 			// Admin should be able to access settings even when workspace is blocked
-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_LOCKED);
+			assertStaysOnRoute(ROUTES.SETTINGS);
 		});

 		it('should allow ADMIN to access /settings/billing when workspace is blocked', () => {
@@ -673,7 +657,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_LOCKED);
+			assertStaysOnRoute(ROUTES.BILLING);
 		});

 		it('should allow ADMIN to access /settings/org-settings when workspace is blocked', () => {
@@ -689,7 +673,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_LOCKED);
+			assertStaysOnRoute(ROUTES.ORG_SETTINGS);
 		});

 		it('should allow ADMIN to access /settings/members when workspace is blocked', () => {
@@ -705,7 +689,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_LOCKED);
+			assertStaysOnRoute(ROUTES.MEMBERS_SETTINGS);
 		});

 		it('should allow ADMIN to access /settings/my-settings when workspace is blocked', () => {
@@ -721,7 +705,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_LOCKED);
+			assertStaysOnRoute(ROUTES.MY_SETTINGS);
 		});

 		it('should redirect VIEWER to workspace locked even when trying to access settings', async () => {
@@ -832,7 +816,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_LOCKED);
+			assertStaysOnRoute(ROUTES.WORKSPACE_LOCKED);
 		});

 		it('should not redirect self-hosted users to workspace locked even when workSpaceBlock is true', () => {
@@ -849,7 +833,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: false,
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_LOCKED);
+			assertStaysOnRoute(ROUTES.HOME);
 		});
 	});

@@ -919,7 +903,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_ACCESS_RESTRICTED);
+			assertStaysOnRoute(ROUTES.WORKSPACE_ACCESS_RESTRICTED);
 		});

 		it('should not redirect self-hosted users to workspace access restricted when license is terminated', () => {
@@ -936,7 +920,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: false,
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_ACCESS_RESTRICTED);
+			assertStaysOnRoute(ROUTES.HOME);
 		});

 		it('should not redirect when license is ACTIVE', () => {
@@ -953,7 +937,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_ACCESS_RESTRICTED);
+			assertStaysOnRoute(ROUTES.HOME);
 		});

 		it('should not redirect when license is EVALUATING', () => {
@@ -970,7 +954,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_ACCESS_RESTRICTED);
+			assertStaysOnRoute(ROUTES.HOME);
 		});
 	});

@@ -1006,7 +990,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_SUSPENDED);
+			assertStaysOnRoute(ROUTES.WORKSPACE_SUSPENDED);
 		});

 		it('should not redirect self-hosted users to workspace suspended when license is defaulted', () => {
@@ -1023,7 +1007,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: false,
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_SUSPENDED);
+			assertStaysOnRoute(ROUTES.HOME);
 		});
 	});

@@ -1043,6 +1027,11 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

+			// Wait for the users query to complete and trigger re-render
+			await act(async () => {
+				await Promise.resolve();
+			});
+
 			await assertRedirectsTo(ROUTES.ONBOARDING);
 		});

@@ -1058,7 +1047,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

-			assertDoesNotRedirectTo(ROUTES.ONBOARDING);
+			assertStaysOnRoute(ROUTES.HOME);
 		});

 		it('should not redirect to onboarding when onboarding is already complete', async () => {
@@ -1084,7 +1073,7 @@ describe('PrivateRoute', () => {

 			// Critical: if isOnboardingComplete check is broken (always false),
 			// this test would fail because all other conditions for redirect ARE met
-			assertDoesNotRedirectTo(ROUTES.ONBOARDING);
+			assertStaysOnRoute(ROUTES.HOME);
 		});

 		it('should not redirect to onboarding for non-cloud users', () => {
@@ -1099,7 +1088,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: false,
 			});

-			assertDoesNotRedirectTo(ROUTES.ONBOARDING);
+			assertStaysOnRoute(ROUTES.HOME);
 		});

 		it('should not redirect to onboarding when on /workspace-locked route', () => {
@@ -1114,7 +1103,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

-			assertDoesNotRedirectTo(ROUTES.ONBOARDING);
+			assertStaysOnRoute(ROUTES.WORKSPACE_LOCKED);
 		});

 		it('should not redirect to onboarding when on /workspace-suspended route', () => {
@@ -1129,7 +1118,7 @@ describe('PrivateRoute', () => {
 				isCloudUser: true,
 			});

-			assertDoesNotRedirectTo(ROUTES.ONBOARDING);
+			assertStaysOnRoute(ROUTES.WORKSPACE_SUSPENDED);
 		});

 		it('should not redirect to onboarding when workspace is blocked and accessing billing', async () => {
@@ -1156,7 +1145,7 @@ describe('PrivateRoute', () => {
 			});

 			// Should NOT redirect to onboarding - user needs to access billing to fix payment
-			assertDoesNotRedirectTo(ROUTES.ONBOARDING);
+			assertStaysOnRoute(ROUTES.BILLING);
 		});

 		it('should not redirect to onboarding when workspace is blocked and accessing settings', async () => {
@@ -1180,7 +1169,7 @@ describe('PrivateRoute', () => {
 				await Promise.resolve();
 			});

-			assertDoesNotRedirectTo(ROUTES.ONBOARDING);
+			assertStaysOnRoute(ROUTES.SETTINGS);
 		});

 		it('should not redirect to onboarding when workspace is suspended (DEFAULTED)', async () => {
@@ -1207,7 +1196,7 @@ describe('PrivateRoute', () => {
 			});

 			// Should redirect to WORKSPACE_SUSPENDED, not ONBOARDING
-			assertDoesNotRedirectTo(ROUTES.ONBOARDING);
+			await assertRedirectsTo(ROUTES.WORKSPACE_SUSPENDED);
 		});

 		it('should not redirect to onboarding when workspace is access restricted (TERMINATED)', async () => {
@@ -1234,7 +1223,7 @@ describe('PrivateRoute', () => {
 			});

 			// Should redirect to WORKSPACE_ACCESS_RESTRICTED, not ONBOARDING
-			assertDoesNotRedirectTo(ROUTES.ONBOARDING);
+			await assertRedirectsTo(ROUTES.WORKSPACE_ACCESS_RESTRICTED);
 		});

 		it('should not redirect to onboarding when workspace is access restricted (EXPIRED)', async () => {
@@ -1260,7 +1249,7 @@ describe('PrivateRoute', () => {
 				await Promise.resolve();
 			});

-			assertDoesNotRedirectTo(ROUTES.ONBOARDING);
+			await assertRedirectsTo(ROUTES.WORKSPACE_ACCESS_RESTRICTED);
 		});
 	});

@@ -1302,7 +1291,7 @@ describe('PrivateRoute', () => {
 				},
 			});

-			assertDoesNotRedirectTo(ROUTES.GET_STARTED_WITH_CLOUD);
+			assertStaysOnRoute(ROUTES.GET_STARTED);
 		});

 		it('should not redirect when on GET_STARTED and ONBOARDING_V3 feature flag is not present', () => {
@@ -1314,7 +1303,7 @@ describe('PrivateRoute', () => {
 				},
 			});

-			assertDoesNotRedirectTo(ROUTES.GET_STARTED_WITH_CLOUD);
+			assertStaysOnRoute(ROUTES.GET_STARTED);
 		});

 		it('should not redirect when on different route even if ONBOARDING_V3 is active', () => {
@@ -1334,7 +1323,7 @@ describe('PrivateRoute', () => {
 				},
 			});

-			assertDoesNotRedirectTo(ROUTES.GET_STARTED_WITH_CLOUD);
+			assertStaysOnRoute(ROUTES.HOME);
 		});
 	});

@@ -1350,7 +1339,7 @@ describe('PrivateRoute', () => {
 				},
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_LOCKED);
+			assertStaysOnRoute(ROUTES.HOME);
 		});

 		it('should not fetch users when org data is not available', () => {
@@ -1393,9 +1382,7 @@ describe('PrivateRoute', () => {
 				},
 			});

-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_LOCKED);
-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_SUSPENDED);
-			assertDoesNotRedirectTo(ROUTES.WORKSPACE_ACCESS_RESTRICTED);
+			assertStaysOnRoute(ROUTES.HOME);
 		});
 	});

@@ -1436,22 +1423,40 @@ describe('PrivateRoute', () => {
 			await assertRedirectsTo(ROUTES.UN_AUTHORIZED);
 		});

-		it('should allow all roles to access /services route', () => {
-			const roles = [USER_ROLES.ADMIN, USER_ROLES.EDITOR, USER_ROLES.VIEWER];
-
-			roles.forEach((role) => {
-				jest.clearAllMocks();
-
-				renderPrivateRoute({
-					initialRoute: ROUTES.APPLICATION,
-					appContext: {
-						isLoggedIn: true,
-						user: createMockUser({ role: role as ROLES }),
-					},
-				});
-
-				assertDoesNotRedirectTo(ROUTES.UN_AUTHORIZED);
+		it('should allow ADMIN to access /services route', () => {
+			renderPrivateRoute({
+				initialRoute: ROUTES.APPLICATION,
+				appContext: {
+					isLoggedIn: true,
+					user: createMockUser({ role: USER_ROLES.ADMIN as ROLES }),
+				},
 			});
+
+			assertStaysOnRoute(ROUTES.APPLICATION);
+		});
+
+		it('should allow EDITOR to access /services route', () => {
+			renderPrivateRoute({
+				initialRoute: ROUTES.APPLICATION,
+				appContext: {
+					isLoggedIn: true,
+					user: createMockUser({ role: USER_ROLES.EDITOR as ROLES }),
+				},
+			});
+
+			assertStaysOnRoute(ROUTES.APPLICATION);
+		});
+
+		it('should allow VIEWER to access /services route', () => {
+			renderPrivateRoute({
+				initialRoute: ROUTES.APPLICATION,
+				appContext: {
+					isLoggedIn: true,
+					user: createMockUser({ role: USER_ROLES.VIEWER as ROLES }),
+				},
+			});
+
+			assertStaysOnRoute(ROUTES.APPLICATION);
 		});

 		it('should redirect VIEWER from /onboarding route (admin only)', async () => {
@@ -1481,7 +1486,7 @@ describe('PrivateRoute', () => {
 			});

 			assertRendersChildren();
-			assertDoesNotRedirectTo(ROUTES.UN_AUTHORIZED);
+			assertStaysOnRoute(ROUTES.CHANNELS_NEW);
 		});

 		it('should allow EDITOR to access /get-started route', () => {
@@ -1493,7 +1498,7 @@ describe('PrivateRoute', () => {
 				},
 			});

-			assertDoesNotRedirectTo(ROUTES.UN_AUTHORIZED);
+			assertStaysOnRoute(ROUTES.GET_STARTED);
 		});
 	});

--- a/frontend/src/container/DashboardContainer/visualization/charts/ChartWrapper/ChartWrapper.tsx
+++ b/frontend/src/container/DashboardContainer/visualization/charts/ChartWrapper/ChartWrapper.tsx
@@ -13,7 +13,7 @@ import uPlot from 'uplot';

 import { ChartProps } from '../types';

-const TOOLTIP_WIDTH_PADDING = 60;
+const TOOLTIP_WIDTH_PADDING = 120;
 const TOOLTIP_MIN_WIDTH = 200;

 export default function ChartWrapper({
--- a/frontend/src/lib/uPlotV2/components/Tooltip/Tooltip.module.scss
+++ b/frontend/src/lib/uPlotV2/components/Tooltip/Tooltip.module.scss
@@ -0,0 +1,72 @@
+.uplot-tooltip-container {
+	font-family: 'Inter';
+	font-size: 12px;
+	background: var(--bg-ink-300);
+	-webkit-font-smoothing: antialiased;
+	color: var(--bg-vanilla-100);
+	border-radius: 6px;
+	border: 1px solid var(--bg-ink-100);
+	display: flex;
+	flex-direction: column;
+	gap: 8px;
+
+	&.lightMode {
+		background: var(--bg-vanilla-100);
+		color: var(--bg-ink-500);
+		border: 1px solid var(--bg-vanilla-300);
+
+		.uplot-tooltip-list {
+			&::-webkit-scrollbar-thumb {
+				background: var(--bg-vanilla-400);
+			}
+		}
+
+		.uplot-tooltip-divider {
+			background-color: var(--bg-vanilla-300);
+		}
+	}
+
+	.uplot-tooltip-header-container {
+		padding: 1rem 1rem 0 1rem;
+		display: flex;
+		flex-direction: column;
+		gap: 8px;
+
+		&:last-child {
+			padding-bottom: 1rem;
+		}
+
+		.uplot-tooltip-header {
+			font-size: 13px;
+			font-weight: 500;
+		}
+	}
+
+	.uplot-tooltip-divider {
+		width: 100%;
+		height: 1px;
+		background-color: var(--bg-ink-100);
+	}
+
+	.uplot-tooltip-list {
+		// Virtuoso absolutely positions its item rows; left: 0 prevents accidental
+		// horizontal offset when the scroller has padding or transform applied.
+		div[data-viewport-type='element'] {
+			left: 0;
+			padding: 4px 8px 4px 16px;
+		}
+
+		&::-webkit-scrollbar {
+			width: 0.3rem;
+		}
+
+		&::-webkit-scrollbar-track {
+			background: transparent;
+		}
+
+		&::-webkit-scrollbar-thumb {
+			background: var(--bg-slate-100);
+			border-radius: 0.5rem;
+		}
+	}
+}
--- a/frontend/src/lib/uPlotV2/components/Tooltip/Tooltip.styles.scss
+++ b/frontend/src/lib/uPlotV2/components/Tooltip/Tooltip.styles.scss
@@ -1,70 +0,0 @@
-.uplot-tooltip-container {
-	font-family: 'Inter';
-	font-size: 12px;
-	background: var(--bg-ink-300);
-	-webkit-font-smoothing: antialiased;
-	color: var(--bg-vanilla-100);
-	border-radius: 6px;
-	padding: 1rem 0.5rem 0.5rem 1rem;
-	border: 1px solid var(--bg-ink-100);
-	display: flex;
-	flex-direction: column;
-	gap: 8px;
-
-	&.lightMode {
-		background: var(--bg-vanilla-100);
-		color: var(--bg-ink-500);
-		border: 1px solid var(--bg-vanilla-300);
-
-		.uplot-tooltip-list {
-			&::-webkit-scrollbar-thumb {
-				background: var(--bg-vanilla-400);
-			}
-		}
-	}
-
-	.uplot-tooltip-header {
-		font-size: 13px;
-		font-weight: 500;
-	}
-
-	.uplot-tooltip-list-container {
-		overflow-y: auto;
-		max-height: 330px;
-
-		.uplot-tooltip-list {
-			&::-webkit-scrollbar {
-				width: 0.3rem;
-			}
-
-			&::-webkit-scrollbar-track {
-				background: transparent;
-			}
-
-			&::-webkit-scrollbar-thumb {
-				background: var(--bg-slate-100);
-				border-radius: 0.5rem;
-			}
-		}
-	}
-
-	.uplot-tooltip-item {
-		display: flex;
-		align-items: center;
-		gap: 8px;
-		margin-bottom: 4px;
-
-		.uplot-tooltip-item-marker {
-			border-radius: 50%;
-			border-width: 2px;
-			width: 12px;
-			height: 12px;
-			flex-shrink: 0;
-		}
-
-		.uplot-tooltip-item-content {
-			white-space: wrap;
-			word-break: break-all;
-		}
-	}
-}
--- a/frontend/src/lib/uPlotV2/components/Tooltip/Tooltip.tsx
+++ b/frontend/src/lib/uPlotV2/components/Tooltip/Tooltip.tsx
@@ -7,12 +7,14 @@ import { useIsDarkMode } from 'hooks/useDarkMode';
 import { useTimezone } from 'providers/Timezone';

 import { TooltipProps } from '../types';
+import TooltipItem from './components/TooltipItem/TooltipItem';

-import './Tooltip.styles.scss';
+import Styles from './Tooltip.module.scss';

-const TOOLTIP_LIST_MAX_HEIGHT = 330;
+// Fallback per-item height used for the initial size estimate before
+// Virtuoso reports the real total height via totalListHeightChanged.
 const TOOLTIP_ITEM_HEIGHT = 38;
-const TOOLTIP_LIST_PADDING = 10;
+const LIST_MAX_HEIGHT = 300;

 export default function Tooltip({
 	uPlotInstance,
@@ -21,27 +23,26 @@ export default function Tooltip({
 	showTooltipHeader = true,
 }: TooltipProps): JSX.Element {
 	const isDarkMode = useIsDarkMode();
-	const [listHeight, setListHeight] = useState(0);
-	const tooltipContent = content ?? [];
 	const { timezone: userTimezone } = useTimezone();
+	const [totalListHeight, setTotalListHeight] = useState(0);

-	const resolvedTimezone = useMemo(() => {
-		if (!timezone) {
-			return userTimezone.value;
-		}
-		return timezone.value;
-	}, [timezone, userTimezone]);
+	const tooltipContent = useMemo(() => content ?? [], [content]);
+
+	const resolvedTimezone = timezone?.value ?? userTimezone.value;

 	const headerTitle = useMemo(() => {
 		if (!showTooltipHeader) {
 			return null;
 		}
-		const data = uPlotInstance.data;
 		const cursorIdx = uPlotInstance.cursor.idx;
 		if (cursorIdx == null) {
 			return null;
 		}
-		return dayjs(data[0][cursorIdx] * 1000)
+		const timestamp = uPlotInstance.data[0]?.[cursorIdx];
+		if (timestamp == null) {
+			return null;
+		}
+		return dayjs(timestamp * 1000)
 			.tz(resolvedTimezone)
 			.format(DATE_TIME_FORMATS.MONTH_DATETIME_SECONDS);
 	}, [
@@ -51,60 +52,68 @@ export default function Tooltip({
 		showTooltipHeader,
 	]);

-	const virtuosoStyle = useMemo(() => {
-		return {
-			height:
-				listHeight > 0
-					? Math.min(listHeight + TOOLTIP_LIST_PADDING, TOOLTIP_LIST_MAX_HEIGHT)
-					: Math.min(
-							tooltipContent.length * TOOLTIP_ITEM_HEIGHT,
-							TOOLTIP_LIST_MAX_HEIGHT,
-					  ),
-			width: '100%',
-		};
-	}, [listHeight, tooltipContent.length]);
+	const activeItem = useMemo(
+		() => tooltipContent.find((item) => item.isActive) ?? null,
+		[tooltipContent],
+	);
+
+	// Use the measured height from Virtuoso when available; fall back to a
+	// per-item estimate on the first render.  Math.ceil prevents a 1 px
+	// subpixel rounding gap from triggering a spurious scrollbar.
+	const virtuosoHeight = useMemo(() => {
+		return totalListHeight > 0
+			? Math.ceil(Math.min(totalListHeight, LIST_MAX_HEIGHT))
+			: Math.min(tooltipContent.length * TOOLTIP_ITEM_HEIGHT, LIST_MAX_HEIGHT);
+	}, [totalListHeight, tooltipContent.length]);
+
+	const showHeader = showTooltipHeader || activeItem != null;
+	// With a single series the active item is fully represented in the header —
+	// hide the divider and list to avoid showing a duplicate row.
+	const showList = tooltipContent.length > 1;
+	const showDivider = showList && showHeader;

 	return (
 		<div
-			className={cx(
-				'uplot-tooltip-container',
-				isDarkMode ? 'darkMode' : 'lightMode',
-			)}
+			className={cx(Styles.uplotTooltipContainer, !isDarkMode && Styles.lightMode)}
 			data-testid="uplot-tooltip-container"
 		>
-			{showTooltipHeader && (
-				<div className="uplot-tooltip-header" data-testid="uplot-tooltip-header">
-					<span>{headerTitle}</span>
+			{showHeader && (
+				<div className={Styles.uplotTooltipHeaderContainer}>
+					{showTooltipHeader && headerTitle && (
+						<div
+							className={Styles.uplotTooltipHeader}
+							data-testid="uplot-tooltip-header"
+						>
+							<span>{headerTitle}</span>
+						</div>
+					)}
+
+					{activeItem && (
+						<TooltipItem
+							item={activeItem}
+							isItemActive={true}
+							containerTestId="uplot-tooltip-pinned"
+							markerTestId="uplot-tooltip-pinned-marker"
+							contentTestId="uplot-tooltip-pinned-content"
+						/>
+					)}
 				</div>
 			)}
-			<div className="uplot-tooltip-list-container">
-				{tooltipContent.length > 0 ? (
-					<Virtuoso
-						className="uplot-tooltip-list"
-						data-testid="uplot-tooltip-list"
-						data={tooltipContent}
-						style={virtuosoStyle}
-						totalListHeightChanged={setListHeight}
-						itemContent={(_, item): JSX.Element => (
-							<div className="uplot-tooltip-item" data-testid="uplot-tooltip-item">
-								<div
-									className="uplot-tooltip-item-marker"
-									style={{ borderColor: item.color }}
-									data-is-legend-marker={true}
-									data-testid="uplot-tooltip-item-marker"
-								/>
-								<div
-									className="uplot-tooltip-item-content"
-									style={{ color: item.color, fontWeight: item.isActive ? 700 : 400 }}
-									data-testid="uplot-tooltip-item-content"
-								>
-									{item.label}: {item.tooltipValue}
-								</div>
-							</div>
-						)}
-					/>
-				) : null}
-			</div>
+
+			{showDivider && <span className={Styles.uplotTooltipDivider} />}
+
+			{showList && (
+				<Virtuoso
+					className={Styles.uplotTooltipList}
+					data-testid="uplot-tooltip-list"
+					data={tooltipContent}
+					style={{ height: virtuosoHeight, width: '100%' }}
+					totalListHeightChanged={setTotalListHeight}
+					itemContent={(_, item): JSX.Element => (
+						<TooltipItem item={item} isItemActive={false} />
+					)}
+				/>
+			)}
 		</div>
 	);
 }
--- a/frontend/src/lib/uPlotV2/components/Tooltip/tests/Tooltip.test.tsx
+++ b/frontend/src/lib/uPlotV2/components/Tooltip/tests/Tooltip.test.tsx
@@ -133,46 +133,30 @@ describe('Tooltip', () => {
 		expect(screen.queryByText(unexpectedTitle)).not.toBeInTheDocument();
 	});

-	it('renders lightMode class when dark mode is disabled', () => {
+	it('renders single active item in header only, without a list', () => {
 		const uPlotInstance = createUPlotInstance(null);
-		mockUseIsDarkMode.mockReturnValue(false);
-
-		renderTooltip({ uPlotInstance });
-
-		const container = screen.getByTestId('uplot-tooltip-container');
-
-		expect(container).toHaveClass('lightMode');
-		expect(container).not.toHaveClass('darkMode');
-	});
-
-	it('renders darkMode class when dark mode is enabled', () => {
-		const uPlotInstance = createUPlotInstance(null);
-		mockUseIsDarkMode.mockReturnValue(true);
-
-		renderTooltip({ uPlotInstance });
-
-		const container = screen.getByTestId('uplot-tooltip-container');
-
-		expect(container).toHaveClass('darkMode');
-		expect(container).not.toHaveClass('lightMode');
-	});
-
-	it('renders tooltip items when content is provided', () => {
-		const uPlotInstance = createUPlotInstance(null);
-		const content = [createTooltipContent()];
+		const content = [createTooltipContent({ isActive: true })];

 		renderTooltip({ uPlotInstance, content });

-		const list = screen.queryByTestId('uplot-tooltip-list');
+		// Active item is shown in the header, not duplicated in a list
+		expect(screen.queryByTestId('uplot-tooltip-list')).toBeNull();
+		expect(screen.getByTestId('uplot-tooltip-pinned')).toBeInTheDocument();
+		const pinnedContent = screen.getByTestId('uplot-tooltip-pinned-content');
+		expect(pinnedContent).toHaveTextContent('Series A');
+		expect(pinnedContent).toHaveTextContent('10');
+	});

-		expect(list).not.toBeNull();
+	it('renders list when multiple series are present', () => {
+		const uPlotInstance = createUPlotInstance(null);
+		const content = [
+			createTooltipContent({ isActive: true }),
+			createTooltipContent({ label: 'Series B', isActive: false }),
+		];

-		const marker = screen.getByTestId('uplot-tooltip-item-marker');
-		const itemContent = screen.getByTestId('uplot-tooltip-item-content');
+		renderTooltip({ uPlotInstance, content });

-		expect(marker).toHaveStyle({ borderColor: '#ff0000' });
-		expect(itemContent).toHaveStyle({ color: '#ff0000', fontWeight: '700' });
-		expect(itemContent).toHaveTextContent('Series A: 10');
+		expect(screen.getByTestId('uplot-tooltip-list')).toBeInTheDocument();
 	});

 	it('does not render tooltip list when content is empty', () => {
@@ -192,7 +176,7 @@ describe('Tooltip', () => {
 		renderTooltip({ uPlotInstance, content });

 		const list = screen.getByTestId('uplot-tooltip-list');
-		expect(list).toHaveStyle({ height: '210px' });
+		expect(list).toHaveStyle({ height: '200px' });
 	});

 	it('sets tooltip list height based on content length when Virtuoso reports 0 height', () => {
--- a/frontend/src/lib/uPlotV2/components/Tooltip/tests/utils.test.ts
+++ b/frontend/src/lib/uPlotV2/components/Tooltip/tests/utils.test.ts
@@ -189,7 +189,7 @@ describe('Tooltip utils', () => {
 			];
 		}

-		it('builds tooltip content with active series first', () => {
+		it('builds tooltip content in series-index order with isActive flag set correctly', () => {
 			const data: AlignedData = [[0], [10], [20], [30]];
 			const series = createSeriesConfig();
 			const dataIndexes = [null, 0, 0, 0];
@@ -206,21 +206,21 @@ describe('Tooltip utils', () => {
 			});

 			expect(result).toHaveLength(2);
-			// Active (series index 2) should come first
+			// Series are returned in series-index order (A=index 1 before B=index 2)
 			expect(result[0]).toMatchObject<Partial<TooltipContentItem>>({
-				label: 'B',
-				value: 20,
-				tooltipValue: 'formatted-20',
-				color: 'color-2',
-				isActive: true,
-			});
-			expect(result[1]).toMatchObject<Partial<TooltipContentItem>>({
 				label: 'A',
 				value: 10,
 				tooltipValue: 'formatted-10',
 				color: '#ff0000',
 				isActive: false,
 			});
+			expect(result[1]).toMatchObject<Partial<TooltipContentItem>>({
+				label: 'B',
+				value: 20,
+				tooltipValue: 'formatted-20',
+				color: 'color-2',
+				isActive: true,
+			});
 		});

 		it('skips series with null data index or non-finite values', () => {
@@ -273,5 +273,31 @@ describe('Tooltip utils', () => {
 			expect(result[0].value).toBe(30);
 			expect(result[1].value).toBe(30);
 		});
+
+		it('returns items in series-index order', () => {
+			// Series values in non-sorted order: 3, 1, 4, 2
+			const data: AlignedData = [[0], [3], [1], [4], [2]];
+			const series: Series[] = [
+				{ label: 'x', show: true } as Series,
+				{ label: 'C', show: true, stroke: '#aaaaaa' } as Series,
+				{ label: 'A', show: true, stroke: '#bbbbbb' } as Series,
+				{ label: 'D', show: true, stroke: '#cccccc' } as Series,
+				{ label: 'B', show: true, stroke: '#dddddd' } as Series,
+			];
+			const dataIndexes = [null, 0, 0, 0, 0];
+			const u = createUPlotInstance();
+
+			const result = buildTooltipContent({
+				data,
+				series,
+				dataIndexes,
+				activeSeriesIndex: null,
+				uPlotInstance: u,
+				yAxisUnit,
+				decimalPrecision,
+			});
+
+			expect(result.map((item) => item.value)).toEqual([3, 1, 4, 2]);
+		});
 	});
 });
--- a/frontend/src/lib/uPlotV2/components/Tooltip/components/TooltipItem/TooltipItem.module.scss
+++ b/frontend/src/lib/uPlotV2/components/Tooltip/components/TooltipItem/TooltipItem.module.scss
@@ -0,0 +1,36 @@
+.uplot-tooltip-item {
+	display: flex;
+	align-items: center;
+	gap: 8px;
+	padding: 4px 0;
+
+	.uplot-tooltip-item-marker {
+		border-radius: 50%;
+		border-style: solid;
+		border-width: 2px;
+		width: 12px;
+		height: 12px;
+		flex-shrink: 0;
+	}
+
+	.uplot-tooltip-item-content {
+		width: 100%;
+		display: flex;
+		align-items: center;
+		gap: 8px;
+		justify-content: space-between;
+
+		.uplot-tooltip-item-label {
+			white-space: normal;
+			overflow-wrap: anywhere;
+		}
+
+		&-separator {
+			flex: 1;
+			border-width: 0.5px;
+			border-style: dashed;
+			min-width: 24px;
+			opacity: 0.5;
+		}
+	}
+}
--- a/frontend/src/lib/uPlotV2/components/Tooltip/components/TooltipItem/TooltipItem.tsx
+++ b/frontend/src/lib/uPlotV2/components/Tooltip/components/TooltipItem/TooltipItem.tsx
@@ -0,0 +1,49 @@
+import { TooltipContentItem } from '../../../types';
+
+import Styles from './TooltipItem.module.scss';
+
+interface TooltipItemProps {
+	item: TooltipContentItem;
+	isItemActive: boolean;
+	containerTestId?: string;
+	markerTestId?: string;
+	contentTestId?: string;
+}
+
+export default function TooltipItem({
+	item,
+	isItemActive,
+	containerTestId = 'uplot-tooltip-item',
+	markerTestId = 'uplot-tooltip-item-marker',
+	contentTestId = 'uplot-tooltip-item-content',
+}: TooltipItemProps): JSX.Element {
+	return (
+		<div
+			className={Styles.uplotTooltipItem}
+			style={{
+				opacity: isItemActive ? 1 : 0.7,
+				fontWeight: isItemActive ? 700 : 400,
+			}}
+			data-testid={containerTestId}
+		>
+			<div
+				className={Styles.uplotTooltipItemMarker}
+				style={{ borderColor: item.color }}
+				data-is-legend-marker={true}
+				data-testid={markerTestId}
+			/>
+			<div
+				className={Styles.uplotTooltipItemContent}
+				style={{ color: item.color }}
+				data-testid={contentTestId}
+			>
+				<span className={Styles.uplotTooltipItemLabel}>{item.label}</span>
+				<span
+					className={Styles.uplotTooltipItemContentSeparator}
+					style={{ borderColor: item.color }}
+				/>
+				<span>{item.tooltipValue}</span>
+			</div>
+		</div>
+	);
+}
--- a/frontend/src/lib/uPlotV2/components/Tooltip/utils.ts
+++ b/frontend/src/lib/uPlotV2/components/Tooltip/utils.ts
@@ -38,16 +38,16 @@ export function getTooltipBaseValue({
 	// When series are hidden, we must use the next *visible* series, not index+1,
 	// since hidden series keep raw values and would produce negative/wrong results.
 	if (isStackedBarChart && baseValue !== null && series) {
-		let nextVisibleIdx = -1;
-		for (let j = index + 1; j < series.length; j++) {
-			if (series[j]?.show) {
-				nextVisibleIdx = j;
+		let nextVisibleSeriesIdx = -1;
+		for (let seriesIdx = index + 1; seriesIdx < series.length; seriesIdx++) {
+			if (series[seriesIdx]?.show) {
+				nextVisibleSeriesIdx = seriesIdx;
 				break;
 			}
 		}
-		if (nextVisibleIdx >= 1) {
-			const nextValue = data[nextVisibleIdx][dataIndex] ?? 0;
-			baseValue = baseValue - nextValue;
+		if (nextVisibleSeriesIdx >= 1) {
+			const nextStackedValue = data[nextVisibleSeriesIdx][dataIndex] ?? 0;
+			baseValue = baseValue - nextStackedValue;
 		}
 	}
 	return baseValue;
@@ -72,16 +72,15 @@ export function buildTooltipContent({
 	decimalPrecision?: PrecisionOption;
 	isStackedBarChart?: boolean;
 }): TooltipContentItem[] {
-	const active: TooltipContentItem[] = [];
-	const rest: TooltipContentItem[] = [];
+	const items: TooltipContentItem[] = [];

-	for (let index = 1; index < series.length; index += 1) {
-		const s = series[index];
-		if (!s?.show) {
+	for (let seriesIndex = 1; seriesIndex < series.length; seriesIndex += 1) {
+		const seriesItem = series[seriesIndex];
+		if (!seriesItem?.show) {
 			continue;
 		}

-		const dataIndex = dataIndexes[index];
+		const dataIndex = dataIndexes[seriesIndex];
 		// Skip series with no data at the current cursor position
 		if (dataIndex === null) {
 			continue;
@@ -89,30 +88,22 @@ export function buildTooltipContent({

 		const baseValue = getTooltipBaseValue({
 			data,
-			index,
+			index: seriesIndex,
 			dataIndex,
 			isStackedBarChart,
 			series,
 		});

-		const isActive = index === activeSeriesIndex;
-
 		if (Number.isFinite(baseValue) && baseValue !== null) {
-			const item: TooltipContentItem = {
-				label: String(s.label ?? ''),
+			items.push({
+				label: String(seriesItem.label ?? ''),
 				value: baseValue,
 				tooltipValue: getToolTipValue(baseValue, yAxisUnit, decimalPrecision),
-				color: resolveSeriesColor(s.stroke, uPlotInstance, index),
-				isActive,
-			};
-
-			if (isActive) {
-				active.push(item);
-			} else {
-				rest.push(item);
-			}
+				color: resolveSeriesColor(seriesItem.stroke, uPlotInstance, seriesIndex),
+				isActive: seriesIndex === activeSeriesIndex,
+			});
 		}
 	}

-	return [...active, ...rest];
+	return items;
 }
--- a/frontend/src/lib/uPlotV2/plugins/TooltipPlugin/TooltipPlugin.tsx
+++ b/frontend/src/lib/uPlotV2/plugins/TooltipPlugin/TooltipPlugin.tsx
@@ -36,8 +36,8 @@ const HOVER_DISMISS_DELAY_MS = 100;
 export default function TooltipPlugin({
 	config,
 	render,
-	maxWidth = 300,
-	maxHeight = 400,
+	maxWidth = 450,
+	maxHeight = 600,
 	syncMode = DashboardCursorSync.None,
 	syncKey = '_tooltip_sync_global_',
 	pinnedTooltipElement,
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -97,6 +97,9 @@ export default defineConfig(
 						javascriptEnabled: true,
 					},
 				},
+				modules: {
+					localsConvention: 'camelCaseOnly',
+				},
 			},
 			define: {
 				// TODO: Remove this in favor of import.meta.env
--- a/pkg/modules/serviceaccount/config.go
+++ b/pkg/modules/serviceaccount/config.go
@@ -32,7 +32,7 @@ func newConfig() factory.Config {
 			Domain: "signozserviceaccount.com",
 		},
 		Analytics: AnalyticsConfig{
-			Enabled: true,
+			Enabled: false,
 		},
 	}
 }
--- a/pkg/querybuilder/fallback_expr.go
+++ b/pkg/querybuilder/fallback_expr.go
@@ -211,6 +211,8 @@ func DataTypeCollisionHandledFieldName(key *telemetrytypes.TelemetryFieldKey, va
 		case float64:
 			// try to convert the string value to to number
 			tblFieldName = castFloat(tblFieldName)
+		case int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64:
+			tblFieldName = castFloat(tblFieldName)
 		case []any:
 			if allFloats(v) {
 				tblFieldName = castFloat(tblFieldName)
@@ -277,6 +279,18 @@ func DataTypeCollisionHandledFieldName(key *telemetrytypes.TelemetryFieldKey, va
 				tblFieldName, value = castString(tblFieldName), toStrings(v)
 			}
 		}
+	case telemetrytypes.FieldDataTypeArrayDynamic:
+		switch v := value.(type) {
+		case string:
+			tblFieldName = castString(tblFieldName)
+		case float32, float64, int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64:
+			tblFieldName = accurateCastFloat(tblFieldName)
+		case bool:
+			tblFieldName = castBool(tblFieldName)
+		case []any:
+			// dynamic array elements will be default casted to string
+			tblFieldName, value = castString(tblFieldName), toStrings(v)
+		}
 	}
 	return tblFieldName, value
 }
@@ -284,6 +298,10 @@ func DataTypeCollisionHandledFieldName(key *telemetrytypes.TelemetryFieldKey, va
 func castFloat(col string) string     { return fmt.Sprintf("toFloat64OrNull(%s)", col) }
 func castFloatHack(col string) string { return fmt.Sprintf("toFloat64(%s)", col) }
 func castString(col string) string    { return fmt.Sprintf("toString(%s)", col) }
+func castBool(col string) string      { return fmt.Sprintf("accurateCastOrNull(%s, 'Bool')", col) }
+func accurateCastFloat(col string) string {
+	return fmt.Sprintf("accurateCastOrNull(%s, 'Float64')", col)
+}

 func allFloats(in []any) bool {
 	for _, x := range in {
--- a/pkg/telemetrylogs/json_condition_builder.go
+++ b/pkg/telemetrylogs/json_condition_builder.go
@@ -3,6 +3,7 @@ package telemetrylogs
 import (
 	"fmt"
 	"slices"
+	"strings"

 	schemamigrator "github.com/SigNoz/signoz-otel-collector/cmd/signozschemamigrator/schema_migrator"
 	"github.com/SigNoz/signoz/pkg/errors"
@@ -33,182 +34,34 @@ func NewJSONConditionBuilder(key *telemetrytypes.TelemetryFieldKey, valueType te

 // BuildCondition builds the full WHERE condition for body_v2 JSON paths.
 func (c *jsonConditionBuilder) buildJSONCondition(operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
-	conditions := []string{}
-	for _, node := range c.key.JSONPlan {
-		condition, err := c.emitPlannedCondition(node, operator, value, sb)
-		if err != nil {
-			return "", err
-		}
-		conditions = append(conditions, condition)
+	baseCond, err := c.emitPlannedCondition(operator, value, sb)
+	if err != nil {
+		return "", err
 	}
-	baseCond := sb.Or(conditions...)

 	// path index
 	if operator.AddDefaultExistsFilter() {
 		pathIndex := fmt.Sprintf(`has(%s, '%s')`, schemamigrator.JSONPathsIndexExpr(LogsV2BodyV2Column), c.key.ArrayParentPaths()[0])
 		return sb.And(baseCond, pathIndex), nil
 	}
+
 	return baseCond, nil
 }

-// emitPlannedCondition handles paths with array traversal.
-func (c *jsonConditionBuilder) emitPlannedCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
+func (c *jsonConditionBuilder) emitPlannedCondition(operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
 	// Build traversal + terminal recursively per-hop
-	compiled, err := c.recurseArrayHops(node, operator, value, sb)
-	if err != nil {
-		return "", err
-	}
-	return compiled, nil
-}
-
-// buildTerminalCondition creates the innermost condition.
-func (c *jsonConditionBuilder) buildTerminalCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
-	if node.TerminalConfig.ElemType.IsArray {
-		conditions := []string{}
-		// if the value type is not an array
-		// TODO(piyush): Confirm the Query built for Array case and add testcases for it later
-		if !c.valueType.IsArray {
-			// if operator is a String search Operator, then we need to build one more String comparison condition along with the Strict match condition
-			if operator.IsStringSearchOperator() {
-				formattedValue := querybuilder.FormatValueForContains(value)
-				arrayCond, err := c.buildArrayMembershipCondition(node, operator, formattedValue, sb)
-				if err != nil {
-					return "", err
-				}
-				conditions = append(conditions, arrayCond)
-			}
-
-			// switch operator for array membership checks
-			switch operator {
-			case qbtypes.FilterOperatorContains:
-				operator = qbtypes.FilterOperatorEqual
-			case qbtypes.FilterOperatorNotContains:
-				operator = qbtypes.FilterOperatorNotEqual
-			}
-		}
-
-		arrayCond, err := c.buildArrayMembershipCondition(node, operator, value, sb)
-		if err != nil {
-			return "", err
-		}
-		conditions = append(conditions, arrayCond)
-		// or the conditions together
-		return sb.Or(conditions...), nil
-	}
-
-	return c.buildPrimitiveTerminalCondition(node, operator, value, sb)
-}
-
-// buildPrimitiveTerminalCondition builds the condition if the terminal node is a primitive type
-// it handles the data type collisions and utilizes indexes for the condition if available.
-func (c *jsonConditionBuilder) buildPrimitiveTerminalCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
-	fieldPath := node.FieldPath()
 	conditions := []string{}
-	var formattedValue = value
-	if operator.IsStringSearchOperator() {
-		formattedValue = querybuilder.FormatValueForContains(value)
-	}
-
-	elemType := node.TerminalConfig.ElemType
-	fieldExpr := fmt.Sprintf("dynamicElement(%s, '%s')", fieldPath, elemType.StringValue())
-	fieldExpr, formattedValue = querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, formattedValue, fieldExpr, operator)
-
-	// utilize indexes for the condition if available
-	indexed := slices.ContainsFunc(node.TerminalConfig.Key.Indexes, func(index telemetrytypes.JSONDataTypeIndex) bool {
-		return index.Type == elemType && index.ColumnExpression == fieldPath
-	})
-	if elemType.IndexSupported && indexed {
-		indexedExpr := assumeNotNull(fieldPath, elemType)
-		emptyValue := func() any {
-			switch elemType {
-			case telemetrytypes.String:
-				return ""
-			case telemetrytypes.Int64, telemetrytypes.Float64, telemetrytypes.Bool:
-				return 0
-			default:
-				return nil
-			}
-		}()
-
-		// switch the operator and value for exists and not exists
-		switch operator {
-		case qbtypes.FilterOperatorExists:
-			operator = qbtypes.FilterOperatorNotEqual
-			value = emptyValue
-		case qbtypes.FilterOperatorNotExists:
-			operator = qbtypes.FilterOperatorEqual
-			value = emptyValue
-		default:
-			// do nothing
-		}
-
-		indexedExpr, indexedComparisonValue := querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, formattedValue, indexedExpr, operator)
-		cond, err := c.applyOperator(sb, indexedExpr, operator, indexedComparisonValue)
+	for _, node := range c.key.JSONPlan {
+		condition, err := c.recurseArrayHops(node, operator, value, sb)
 		if err != nil {
 			return "", err
 		}
-
-		// if qb has a definitive value, we can skip adding a condition to
-		// check the existence of the path in the json column
-		if value != emptyValue {
-			return cond, nil
-		}
-
-		conditions = append(conditions, cond)
-		// Switch operator to EXISTS since indexed paths on assumedNotNull, indexes will always have a default value
-		// So we flip the operator to Exists and filter the rows that actually have the value
-		operator = qbtypes.FilterOperatorExists
+		conditions = append(conditions, condition)
 	}

-	cond, err := c.applyOperator(sb, fieldExpr, operator, formattedValue)
-	if err != nil {
-		return "", err
-	}
-	conditions = append(conditions, cond)
-	if len(conditions) > 1 {
-		return sb.And(conditions...), nil
-	}
-	return conditions[0], nil
+	return sb.Or(conditions...), nil
 }

-// buildArrayMembershipCondition handles array membership checks.
-func (c *jsonConditionBuilder) buildArrayMembershipCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
-	arrayPath := node.FieldPath()
-	localKeyCopy := *node.TerminalConfig.Key
-	// create typed array out of a dynamic array
-	filteredDynamicExpr := func() string {
-		// Change the field data type from []dynamic to the value type
-		// since we've filtered the value type out of the dynamic array, we need to change the field data corresponding to the value type
-		localKeyCopy.FieldDataType = telemetrytypes.MappingJSONDataTypeToFieldDataType[telemetrytypes.ScalerTypeToArrayType[c.valueType]]
-
-		baseArrayDynamicExpr := fmt.Sprintf("dynamicElement(%s, 'Array(Dynamic)')", arrayPath)
-		return fmt.Sprintf("arrayMap(x->dynamicElement(x, '%s'), arrayFilter(x->(dynamicType(x) = '%s'), %s))",
-			c.valueType.StringValue(),
-			c.valueType.StringValue(),
-			baseArrayDynamicExpr)
-	}
-	typedArrayExpr := func() string {
-		return fmt.Sprintf("dynamicElement(%s, '%s')", arrayPath, node.TerminalConfig.ElemType.StringValue())
-	}
-
-	var arrayExpr string
-	if node.TerminalConfig.ElemType == telemetrytypes.ArrayDynamic {
-		arrayExpr = filteredDynamicExpr()
-	} else {
-		arrayExpr = typedArrayExpr()
-	}
-
-	key := "x"
-	fieldExpr, value := querybuilder.DataTypeCollisionHandledFieldName(&localKeyCopy, value, key, operator)
-	op, err := c.applyOperator(sb, fieldExpr, operator, value)
-	if err != nil {
-		return "", err
-	}
-
-	return fmt.Sprintf("arrayExists(%s -> %s, %s)", key, op, arrayExpr), nil
-}
-
-// recurseArrayHops recursively builds array traversal conditions.
 func (c *jsonConditionBuilder) recurseArrayHops(current *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
 	if current == nil {
 		return "", errors.NewInternalf(CodeArrayNavigationFailed, "navigation failed, current node is nil")
@@ -222,6 +75,33 @@ func (c *jsonConditionBuilder) recurseArrayHops(current *telemetrytypes.JSONAcce
 		return terminalCond, nil
 	}

+	// apply NOT at top level arrayExists so that any subsequent arrayExists fails we count it as true (matching log)
+	yes, operator := applyNotCondition(operator)
+	condition, err := c.buildAccessNodeBranches(current, operator, value, sb)
+	if err != nil {
+		return "", err
+	}
+
+	if yes {
+		return sb.Not(condition), nil
+	}
+
+	return condition, nil
+}
+
+func applyNotCondition(operator qbtypes.FilterOperator) (bool, qbtypes.FilterOperator) {
+	if operator.IsNegativeOperator() {
+		return true, operator.Inverse()
+	}
+	return false, operator
+}
+
+// buildAccessNodeBranches builds conditions for each branch of the access node.
+func (c *jsonConditionBuilder) buildAccessNodeBranches(current *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
+	if current == nil {
+		return "", errors.NewInternalf(CodeArrayNavigationFailed, "navigation failed, current node is nil")
+	}
+
 	currAlias := current.Alias()
 	fieldPath := current.FieldPath()
 	// Determine availability of Array(JSON) and Array(Dynamic) at this hop
@@ -256,6 +136,200 @@ func (c *jsonConditionBuilder) recurseArrayHops(current *telemetrytypes.JSONAcce
 	return sb.Or(branches...), nil
 }

+// buildTerminalCondition creates the innermost condition.
+func (c *jsonConditionBuilder) buildTerminalCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
+	if node.TerminalConfig.ElemType.IsArray {
+		// Note: here applyNotCondition will return true only if; top level path is an array; and operator is a negative operator
+		// Otherwise this code will be triggered by buildAccessNodeBranches; Where operator would've been already inverted if needed.
+		yes, operator := applyNotCondition(operator)
+		cond, err := c.buildTerminalArrayCondition(node, operator, value, sb)
+		if err != nil {
+			return "", err
+		}
+
+		if yes {
+			return sb.Not(cond), nil
+		}
+		return cond, nil
+	}
+
+	return c.buildPrimitiveTerminalCondition(node, operator, value, sb)
+}
+
+func getEmptyValue(elemType telemetrytypes.JSONDataType) any {
+	switch elemType {
+	case telemetrytypes.String:
+		return ""
+	case telemetrytypes.Int64, telemetrytypes.Float64, telemetrytypes.Bool:
+		return 0
+	default:
+		return nil
+	}
+}
+
+func (c *jsonConditionBuilder) terminalIndexedCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
+	fieldPath := node.FieldPath()
+	if strings.Contains(fieldPath, telemetrytypes.ArraySepSuffix) {
+		return "", errors.NewInternalf(CodeArrayNavigationFailed, "can not build index condition for array field %s", fieldPath)
+	}
+
+	elemType := node.TerminalConfig.ElemType
+	dynamicExpr := fmt.Sprintf("dynamicElement(%s, '%s')", fieldPath, elemType.StringValue())
+	indexedExpr := assumeNotNull(dynamicExpr)
+
+	// switch the operator and value for exists and not exists
+	switch operator {
+	case qbtypes.FilterOperatorExists:
+		operator = qbtypes.FilterOperatorNotEqual
+		value = getEmptyValue(elemType)
+	case qbtypes.FilterOperatorNotExists:
+		operator = qbtypes.FilterOperatorEqual
+		value = getEmptyValue(elemType)
+	default:
+		// do nothing
+	}
+
+	indexedExpr, formattedValue := querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, value, indexedExpr, operator)
+	cond, err := c.applyOperator(sb, indexedExpr, operator, formattedValue)
+	if err != nil {
+		return "", err
+	}
+
+	return cond, nil
+}
+
+// buildPrimitiveTerminalCondition builds the condition if the terminal node is a primitive type
+// it handles the data type collisions and utilizes indexes for the condition if available.
+func (c *jsonConditionBuilder) buildPrimitiveTerminalCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
+	fieldPath := node.FieldPath()
+	conditions := []string{}
+
+	// utilize indexes for the condition if available
+	//
+	// Note: Indexing code doesn't get executed for Array Nested fields because they can not be indexed
+	indexed := slices.ContainsFunc(node.TerminalConfig.Key.Indexes, func(index telemetrytypes.JSONDataTypeIndex) bool {
+		return index.Type == node.TerminalConfig.ElemType
+	})
+	if node.TerminalConfig.ElemType.IndexSupported && indexed {
+		indexCond, err := c.terminalIndexedCondition(node, operator, value, sb)
+		if err != nil {
+			return "", err
+		}
+		// if qb has a definitive value, we can skip adding a condition to
+		// check the existence of the path in the json column
+		if value != nil && value != getEmptyValue(node.TerminalConfig.ElemType) {
+			return indexCond, nil
+		}
+
+		conditions = append(conditions, indexCond)
+
+		// Switch operator to EXISTS except when operator is NOT EXISTS since
+		// indexed paths on assumedNotNull, indexes will always have a default
+		// value so we flip the operator to Exists and filter the rows that
+		// actually have the value
+		if operator != qbtypes.FilterOperatorNotExists {
+			operator = qbtypes.FilterOperatorExists
+		}
+	}
+
+	var formattedValue = value
+	if operator.IsStringSearchOperator() {
+		formattedValue = querybuilder.FormatValueForContains(value)
+	}
+
+	fieldExpr := fmt.Sprintf("dynamicElement(%s, '%s')", fieldPath, node.TerminalConfig.ElemType.StringValue())
+
+	// if operator is negative and has a value comparison i.e. excluding EXISTS and NOT EXISTS, we need to assume that the field exists everywhere
+	//
+	// Note: here applyNotCondition will return true only if; top level path is being queried and operator is a negative operator
+	// Otherwise this code will be triggered by buildAccessNodeBranches; Where operator would've been already inverted if needed.
+	if node.IsNonNestedPath() {
+		yes, _ := applyNotCondition(operator)
+		if yes {
+			switch operator {
+			case qbtypes.FilterOperatorNotExists:
+				// skip
+			default:
+				fieldExpr = assumeNotNull(fieldExpr)
+			}
+		}
+	}
+
+	fieldExpr, formattedValue = querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, formattedValue, fieldExpr, operator)
+	cond, err := c.applyOperator(sb, fieldExpr, operator, formattedValue)
+	if err != nil {
+		return "", err
+	}
+	conditions = append(conditions, cond)
+	if len(conditions) > 1 {
+		return sb.And(conditions...), nil
+	}
+	return conditions[0], nil
+}
+
+func (c *jsonConditionBuilder) buildTerminalArrayCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
+	conditions := []string{}
+	// if operator is a String search Operator, then we need to build one more String comparison condition along with the Strict match condition
+	if operator.IsStringSearchOperator() {
+		formattedValue := querybuilder.FormatValueForContains(value)
+		arrayCond, err := c.buildArrayMembershipCondition(node, operator, formattedValue, sb)
+		if err != nil {
+			return "", err
+		}
+		conditions = append(conditions, arrayCond)
+
+		// switch operator for array membership checks
+		switch operator {
+		case qbtypes.FilterOperatorContains:
+			operator = qbtypes.FilterOperatorEqual
+		case qbtypes.FilterOperatorNotContains:
+			operator = qbtypes.FilterOperatorNotEqual
+		}
+	}
+
+	arrayCond, err := c.buildArrayMembershipCondition(node, operator, value, sb)
+	if err != nil {
+		return "", err
+	}
+	conditions = append(conditions, arrayCond)
+	if len(conditions) > 1 {
+		return sb.Or(conditions...), nil
+	}
+
+	return conditions[0], nil
+}
+
+// buildArrayMembershipCondition builds condition of the part where Arrays becomes primitive typed Arrays
+// e.g. [300, 404, 500], and value operations will work on the array elements.
+func (c *jsonConditionBuilder) buildArrayMembershipCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
+	arrayPath := node.FieldPath()
+	// create typed array out of a dynamic array
+	filteredDynamicExpr := func() string {
+		baseArrayDynamicExpr := fmt.Sprintf("dynamicElement(%s, 'Array(Dynamic)')", arrayPath)
+		return fmt.Sprintf("arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), %s)",
+			baseArrayDynamicExpr)
+	}
+	typedArrayExpr := func() string {
+		return fmt.Sprintf("dynamicElement(%s, '%s')", arrayPath, node.TerminalConfig.ElemType.StringValue())
+	}
+
+	var arrayExpr string
+	if node.TerminalConfig.ElemType == telemetrytypes.ArrayDynamic {
+		arrayExpr = filteredDynamicExpr()
+	} else {
+		arrayExpr = typedArrayExpr()
+	}
+
+	key := "x"
+	fieldExpr, value := querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, value, key, operator)
+	op, err := c.applyOperator(sb, fieldExpr, operator, value)
+	if err != nil {
+		return "", err
+	}
+
+	return fmt.Sprintf("arrayExists(%s -> %s, %s)", key, op, arrayExpr), nil
+}
+
 func (c *jsonConditionBuilder) applyOperator(sb *sqlbuilder.SelectBuilder, fieldExpr string, operator qbtypes.FilterOperator, value any) (string, error) {
 	switch operator {
 	case qbtypes.FilterOperatorEqual:
@@ -317,6 +391,6 @@ func (c *jsonConditionBuilder) applyOperator(sb *sqlbuilder.SelectBuilder, field
 	}
 }

-func assumeNotNull(column string, elemType telemetrytypes.JSONDataType) string {
-	return fmt.Sprintf("assumeNotNull(dynamicElement(%s, '%s'))", column, elemType.StringValue())
+func assumeNotNull(fieldExpr string) string {
+	return fmt.Sprintf("assumeNotNull(%s)", fieldExpr)
 }
--- a/pkg/telemetrylogs/json_stmt_builder_test.go
+++ b/pkg/telemetrylogs/json_stmt_builder_test.go
--- a/pkg/types/querybuildertypes/querybuildertypesv5/builder_elements.go
+++ b/pkg/types/querybuildertypes/querybuildertypesv5/builder_elements.go
@@ -113,6 +113,29 @@ const (
 	FilterOperatorNotContains
 )

+var operatorInverseMapping = map[FilterOperator]FilterOperator{
+	FilterOperatorEqual:           FilterOperatorNotEqual,
+	FilterOperatorNotEqual:        FilterOperatorEqual,
+	FilterOperatorGreaterThan:     FilterOperatorLessThanOrEq,
+	FilterOperatorGreaterThanOrEq: FilterOperatorLessThan,
+	FilterOperatorLessThan:        FilterOperatorGreaterThanOrEq,
+	FilterOperatorLessThanOrEq:    FilterOperatorGreaterThan,
+	FilterOperatorLike:            FilterOperatorNotLike,
+	FilterOperatorNotLike:         FilterOperatorLike,
+	FilterOperatorILike:           FilterOperatorNotILike,
+	FilterOperatorNotILike:        FilterOperatorILike,
+	FilterOperatorBetween:         FilterOperatorNotBetween,
+	FilterOperatorNotBetween:      FilterOperatorBetween,
+	FilterOperatorIn:              FilterOperatorNotIn,
+	FilterOperatorNotIn:           FilterOperatorIn,
+	FilterOperatorExists:          FilterOperatorNotExists,
+	FilterOperatorNotExists:       FilterOperatorExists,
+	FilterOperatorRegexp:          FilterOperatorNotRegexp,
+	FilterOperatorNotRegexp:       FilterOperatorRegexp,
+	FilterOperatorContains:        FilterOperatorNotContains,
+	FilterOperatorNotContains:     FilterOperatorContains,
+}
+
 // AddDefaultExistsFilter returns true if addl exists filter should be added to the query
 // For the negative predicates, we don't want to add the exists filter. Why?
 // Say for example, user adds a filter `service.name != "redis"`, we can't interpret it
@@ -162,6 +185,10 @@ func (f FilterOperator) IsNegativeOperator() bool {
 	return true
 }

+func (f FilterOperator) Inverse() FilterOperator {
+	return operatorInverseMapping[f]
+}
+
 func (f FilterOperator) IsComparisonOperator() bool {
 	switch f {
 	case FilterOperatorGreaterThan, FilterOperatorGreaterThanOrEq, FilterOperatorLessThan, FilterOperatorLessThanOrEq:
--- a/pkg/types/serviceaccounttypes/factor_api_key.go
+++ b/pkg/types/serviceaccounttypes/factor_api_key.go
@@ -20,6 +20,7 @@ var (
 	ErrCodeAPIKeyAlreadyExists = errors.MustNewCode("api_key_already_exists")
 	ErrCodeAPIKeytNotFound     = errors.MustNewCode("api_key_not_found")
 	ErrCodeAPIKeyExpired       = errors.MustNewCode("api_key_expired")
+	errInvalidAPIKeyName       = errors.New(errors.TypeInvalidInput, ErrCodeAPIKeyInvalidInput, "name must be 1–80 characters long and contain only lowercase letters (a-z) and hyphens (-)")
 )

 type FactorAPIKey struct {
@@ -112,7 +113,7 @@ func (key *PostableFactorAPIKey) UnmarshalJSON(data []byte) error {
 	}

 	if match := factorAPIKeyNameRegex.MatchString(temp.Name); !match {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeAPIKeyInvalidInput, "name must conform to the regex: %s", factorAPIKeyNameRegex.String())
+		return errInvalidAPIKeyName
 	}

 	if temp.ExpiresAt != 0 && time.Now().After(time.Unix(int64(temp.ExpiresAt), 0)) {
@@ -132,7 +133,7 @@ func (key *UpdatableFactorAPIKey) UnmarshalJSON(data []byte) error {
 	}

 	if match := factorAPIKeyNameRegex.MatchString(temp.Name); !match {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeAPIKeyInvalidInput, "name must conform to the regex: %s", factorAPIKeyNameRegex.String())
+		return errInvalidAPIKeyName
 	}

 	if temp.ExpiresAt != 0 && time.Now().After(time.Unix(int64(temp.ExpiresAt), 0)) {
--- a/pkg/types/serviceaccounttypes/service_acccount.go
+++ b/pkg/types/serviceaccounttypes/service_acccount.go
@@ -23,6 +23,7 @@ var (
 	ErrCodeServiceAccountNotFound             = errors.MustNewCode("service_account_not_found")
 	ErrCodeServiceAccountRoleAlreadyExists    = errors.MustNewCode("service_account_role_already_exists")
 	ErrCodeServiceAccountOperationUnsupported = errors.MustNewCode("service_account_operation_unsupported")
+	errInvalidServiceAccountName              = errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "name must be 1–50 characters long and contain only lowercase letters (a-z) and hyphens (-)")
 )

 var (
@@ -214,7 +215,7 @@ func (serviceAccount *PostableServiceAccount) UnmarshalJSON(data []byte) error {
 	}

 	if match := serviceAccountNameRegex.MatchString(temp.Name); !match {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "name must conform to the regex: %s", serviceAccountNameRegex.String())
+		return errInvalidServiceAccountName
 	}

 	*serviceAccount = PostableServiceAccount(temp)
--- a/pkg/types/telemetrytypes/json_access_plan.go
+++ b/pkg/types/telemetrytypes/json_access_plan.go
@@ -90,6 +90,11 @@ func (n *JSONAccessNode) FieldPath() string {
 	return n.Parent.Alias() + "." + key
 }

+// Returns true if the current node is a non-nested path.
+func (n *JSONAccessNode) IsNonNestedPath() bool {
+	return !strings.Contains(n.FieldPath(), ArraySep)
+}
+
 func (n *JSONAccessNode) BranchesInOrder() []JSONAccessBranchType {
 	return slices.SortedFunc(maps.Keys(n.Branches), func(a, b JSONAccessBranchType) int {
 		return strings.Compare(b.StringValue(), a.StringValue())
--- a/pkg/types/telemetrytypes/test_data.go
+++ b/pkg/types/telemetrytypes/test_data.go
@@ -8,65 +8,101 @@ package telemetrytypes
 // This represents the type information available in the test JSON structure.
 func TestJSONTypeSet() (map[string][]JSONDataType, MetadataStore) {
 	types := map[string][]JSONDataType{
-		"user.name":                                           {String},
-		"user.permissions":                                    {ArrayString},
-		"user.age":                                            {Int64, String},
-		"user.height":                                         {Float64},
-		"education":                                           {ArrayJSON},
-		"education[].name":                                    {String},
-		"education[].type":                                    {String, Int64},
-		"education[].internal_type":                           {String},
-		"education[].metadata.location":                       {String},
-		"education[].parameters":                              {ArrayFloat64, ArrayDynamic},
-		"education[].duration":                                {String},
-		"education[].mode":                                    {String},
-		"education[].year":                                    {Int64},
-		"education[].field":                                   {String},
-		"education[].awards":                                  {ArrayDynamic, ArrayJSON},
-		"education[].awards[].name":                           {String},
-		"education[].awards[].rank":                           {Int64},
-		"education[].awards[].medal":                          {String},
-		"education[].awards[].type":                           {String},
-		"education[].awards[].semester":                       {Int64},
-		"education[].awards[].participated":                   {ArrayDynamic, ArrayJSON},
-		"education[].awards[].participated[].type":            {String},
-		"education[].awards[].participated[].field":           {String},
-		"education[].awards[].participated[].project_type":    {String},
-		"education[].awards[].participated[].project_name":    {String},
-		"education[].awards[].participated[].race_type":       {String},
-		"education[].awards[].participated[].team_based":      {Bool},
-		"education[].awards[].participated[].team_name":       {String},
-		"education[].awards[].participated[].team":            {ArrayJSON},
-		"education[].awards[].participated[].members":         {ArrayString},
-		"education[].awards[].participated[].team[].name":     {String},
-		"education[].awards[].participated[].team[].branch":   {String},
-		"education[].awards[].participated[].team[].semester": {Int64},
-		"interests":                                                                  {ArrayJSON},
-		"interests[].type":                                                           {String},
-		"interests[].entities":                                                       {ArrayJSON},
-		"interests[].entities.application_date":                                      {String},
-		"interests[].entities[].reviews":                                             {ArrayJSON},
-		"interests[].entities[].reviews[].given_by":                                  {String},
-		"interests[].entities[].reviews[].remarks":                                   {String},
-		"interests[].entities[].reviews[].weight":                                    {Float64},
-		"interests[].entities[].reviews[].passed":                                    {Bool},
-		"interests[].entities[].reviews[].type":                                      {String},
-		"interests[].entities[].reviews[].analysis_type":                             {Int64},
-		"interests[].entities[].reviews[].entries":                                   {ArrayJSON},
-		"interests[].entities[].reviews[].entries[].subject":                         {String},
-		"interests[].entities[].reviews[].entries[].status":                          {String},
-		"interests[].entities[].reviews[].entries[].metadata":                        {ArrayJSON},
-		"interests[].entities[].reviews[].entries[].metadata[].company":              {String},
-		"interests[].entities[].reviews[].entries[].metadata[].experience":           {Int64},
-		"interests[].entities[].reviews[].entries[].metadata[].unit":                 {String},
-		"interests[].entities[].reviews[].entries[].metadata[].positions":            {ArrayJSON},
-		"interests[].entities[].reviews[].entries[].metadata[].positions[].name":     {String},
-		"interests[].entities[].reviews[].entries[].metadata[].positions[].duration": {Int64, Float64},
-		"interests[].entities[].reviews[].entries[].metadata[].positions[].unit":     {String},
-		"interests[].entities[].reviews[].entries[].metadata[].positions[].ratings":  {ArrayInt64, ArrayString},
-		"message": {String},
-		"tags":    {ArrayString},
+
+		// ── user (primitives) ─────────────────────────────────────────────
+		"user.name":        {String},
+		"user.permissions": {ArrayString},
+		"user.age":         {Int64, String}, // Int64/String ambiguity
+		"user.height":      {Float64},
+		"user.active":      {Bool}, // Bool — not IndexSupported
+
+		// Deeper non-array nesting (a.b.c — no array hops)
+		"user.address.zip": {Int64},
+
+		// ── education[] ───────────────────────────────────────────────────
+		// Pattern: x[].y
+		"education":              {ArrayJSON},
+		"education[].name":       {String},
+		"education[].type":       {String, Int64},
+		"education[].year":       {Int64},
+		"education[].scores":     {ArrayInt64},
+		"education[].parameters": {ArrayFloat64, ArrayDynamic},
+
+		// Pattern: x[].y[]
+		"education[].awards": {ArrayDynamic, ArrayJSON},
+
+		// Pattern: x[].y[].z
+		"education[].awards[].name":     {String},
+		"education[].awards[].type":     {String},
+		"education[].awards[].semester": {Int64},
+
+		// Pattern: x[].y[].z[]
+		"education[].awards[].participated": {ArrayDynamic, ArrayJSON},
+
+		// Pattern: x[].y[].z[].w
+		"education[].awards[].participated[].members": {ArrayString},
+
+		// Pattern: x[].y[].z[].w[]
+		"education[].awards[].participated[].team": {ArrayJSON},
+
+		// Pattern: x[].y[].z[].w[].v
+		"education[].awards[].participated[].team[].branch": {String},
+
+		// ── interests[] ───────────────────────────────────────────────────
+		"interests":                                                                 {ArrayJSON},
+		"interests[].entities":                                                      {ArrayJSON},
+		"interests[].entities[].reviews":                                            {ArrayJSON},
+		"interests[].entities[].reviews[].entries":                                  {ArrayJSON},
+		"interests[].entities[].reviews[].entries[].metadata":                       {ArrayJSON},
+		"interests[].entities[].reviews[].entries[].metadata[].positions":           {ArrayJSON},
+		"interests[].entities[].reviews[].entries[].metadata[].positions[].name":    {String},
+		"interests[].entities[].reviews[].entries[].metadata[].positions[].ratings": {ArrayInt64, ArrayString},
+		"http-events":                     {ArrayJSON},
+		"http-events[].request-info.host": {String},
+		"ids":                             {ArrayDynamic},
+
+		// ── top-level primitives ──────────────────────────────────────────
+		"message":     {String},
+		"http-status": {Int64, String}, // hyphen in root key, ambiguous
+
+		// ── top-level nested objects (no array hops) ───────────────────────
+		"response.time-taken": {Float64}, // hyphen inside nested key
 	}

 	return types, nil
 }
+
+// TestIndexedPathEntry is a path + JSON type pair representing a field
+// backed by a ClickHouse skip index in the test data.
+//
+// Only non-array paths with IndexSupported types (String, Int64, Float64)
+// are valid entries — arrays and Bool cannot carry a skip index.
+//
+// The ColumnExpression for each entry is computed at test-setup time from
+// the access plan, since it depends on the column name (e.g. body_v2)
+// which is unknown to this package.
+type TestIndexedPathEntry struct {
+	Path string
+	Type JSONDataType
+}
+
+// TestIndexedPaths lists path+type pairs from TestJSONTypeSet that are
+// backed by a JSON data type index. Test setup uses this to populate
+// key.Indexes after calling SetJSONAccessPlan.
+//
+// Intentionally excluded:
+//   - user.active → Bool, IndexSupported=false
+var TestIndexedPaths = []TestIndexedPathEntry{
+	// user primitives
+	{Path: "user.name", Type: String},
+
+	// user.address — deeper non-array nesting
+	{Path: "user.address.zip", Type: Int64},
+
+	// root-level with special characters
+	{Path: "http-status", Type: Int64},
+	{Path: "http-status", Type: String},
+
+	// root-level nested objects (no array hops)
+	{Path: "response.time-taken", Type: Float64},
+}
--- a/tests/integration/conftest.py
+++ b/tests/integration/conftest.py
@@ -22,6 +22,7 @@ pytest_plugins = [
    "fixtures.notification_channel",
    "fixtures.alerts",
    "fixtures.cloudintegrations",
+    "fixtures.jsontypeexporter",
 ]


--- a/tests/integration/fixtures/jsontypeexporter.py
+++ b/tests/integration/fixtures/jsontypeexporter.py
@@ -0,0 +1,421 @@
+"""
+Simpler version of jsontypeexporter for test fixtures.
+This exports JSON type metadata to the path_types table by parsing JSON bodies
+and extracting all paths with their types, similar to how the real jsontypeexporter works.
+"""
+import datetime
+import json
+from abc import ABC
+from typing import TYPE_CHECKING, Any, Callable, Dict, Generator, List, Optional, Set, Union
+
+import numpy as np
+import pytest
+
+from fixtures import types
+
+if TYPE_CHECKING:
+    from fixtures.logs import Logs
+
+
+class JSONPathType(ABC):
+    """Represents a JSON path with its type information"""
+    path: str
+    type: str
+    last_seen: np.uint64
+
+    def __init__(
+        self,
+        path: str,
+        type: str,  # pylint: disable=redefined-builtin
+        last_seen: Optional[datetime.datetime] = None,
+    ) -> None:
+        self.path = path
+        self.type = type
+        if last_seen is None:
+            last_seen = datetime.datetime.now()
+        self.last_seen = np.uint64(int(last_seen.timestamp() * 1e9))
+
+    def np_arr(self) -> np.array:
+        """Return path type data as numpy array for database insertion"""
+        return np.array([self.path, self.type, self.last_seen])
+
+
+# Constants matching jsontypeexporter
+ARRAY_SEPARATOR = "[]."  # Used in paths like "education[].name"
+ARRAY_SUFFIX = "[]"      # Used when traversing into array element objects
+
+
+def _infer_array_type_from_type_strings(types: List[str]) -> Optional[str]:
+    """
+    Infer array type from a list of pre-classified type strings.
+    Matches jsontypeexporter's inferArrayMask logic (v0.144.2+).
+
+    Type strings are: "JSON", "String", "Bool", "Float64", "Int64"
+
+    SuperTyping rules (matching Go inferArrayMask):
+    - JSON alone → Array(JSON)
+    - JSON + any primitive → Array(Dynamic)
+    - String alone → Array(Nullable(String)); String + other → Array(Dynamic)
+    - Float64 wins over Int64 and Bool
+    - Int64 wins over Bool
+    - Bool alone → Array(Nullable(Bool))
+    """
+    if len(types) == 0:
+        return None
+
+    unique = set(types)
+
+    has_json = "JSON" in unique
+    # hasPrimitive mirrors Go: (hasJSON && len(unique) > 1) || (!hasJSON && len(unique) > 0)
+    has_primitive = (has_json and len(unique) > 1) or (not has_json and len(unique) > 0)
+
+    if has_json:
+        if not has_primitive:
+            return "Array(JSON)"
+        return "Array(Dynamic)"
+
+    # ---- Primitive Type Resolution (Float > Int > Bool) ----
+    if "String" in unique:
+        if len(unique) > 1:
+            return "Array(Dynamic)"
+        return "Array(Nullable(String))"
+
+    if "Float64" in unique:
+        return "Array(Nullable(Float64))"
+    if "Int64" in unique:
+        return "Array(Nullable(Int64))"
+    if "Bool" in unique:
+        return "Array(Nullable(Bool))"
+
+    return "Array(Dynamic)"
+
+
+def _infer_array_type(elements: List[Any]) -> Optional[str]:
+    """
+    Infer array type from raw Python list elements.
+    Classifies each element then delegates to _infer_array_type_from_type_strings.
+    """
+    if len(elements) == 0:
+        return None
+
+    types = []
+    for elem in elements:
+        if elem is None:
+            continue
+        if isinstance(elem, dict):
+            types.append("JSON")
+        elif isinstance(elem, str):
+            types.append("String")
+        elif isinstance(elem, bool):  # must be before int (bool is subclass of int)
+            types.append("Bool")
+        elif isinstance(elem, float):
+            types.append("Float64")
+        elif isinstance(elem, int):
+            types.append("Int64")
+
+    return _infer_array_type_from_type_strings(types)
+
+
+def _python_type_to_clickhouse_type(value: Any) -> str:
+    """
+    Convert Python type to ClickHouse JSON type string.
+    Maps Python types to ClickHouse JSON data types.
+    """
+    if value is None:
+        return "String"  # Default for null values
+    
+    if isinstance(value, bool):
+        return "Bool"
+    elif isinstance(value, int):
+        return "Int64"
+    elif isinstance(value, float):
+        return "Float64"
+    elif isinstance(value, str):
+        return "String"
+    elif isinstance(value, list):
+        # Use the sophisticated array type inference
+        array_type = _infer_array_type(value)
+        return array_type if array_type else "Array(Dynamic)"
+    elif isinstance(value, dict):
+        return "JSON"
+    else:
+        return "String"  # Default fallback
+
+
+def _extract_json_paths(
+    obj: Any,
+    current_path: str = "",
+    path_types: Optional[Dict[str, Set[str]]] = None,
+    level: int = 0,
+) -> Dict[str, Set[str]]:
+    """
+    Recursively extract all paths and their types from a JSON object.
+    Matches jsontypeexporter's analyzePValue logic.
+    
+    Args:
+        obj: The JSON object to traverse
+        current_path: Current path being built (e.g., "user.name")
+        path_types: Dictionary mapping paths to sets of types found
+        level: Current nesting level (for depth limiting)
+    
+    Returns:
+        Dictionary mapping paths to sets of type strings
+    """
+    if path_types is None:
+        path_types = {}
+
+    if obj is None:
+        if current_path:
+            if current_path not in path_types:
+                path_types[current_path] = set()
+            path_types[current_path].add("String")  # Null defaults to String
+        return path_types
+    
+    if isinstance(obj, dict):
+        # For objects, add the object itself and recurse into keys
+        if current_path:
+            if current_path not in path_types:
+                path_types[current_path] = set()
+            path_types[current_path].add("JSON")
+        
+        for key, value in obj.items():
+            # Build the path for this key
+            if current_path:
+                new_path = f"{current_path}.{key}"
+            else:
+                new_path = key
+            
+            # Recurse into the value
+            _extract_json_paths(value, new_path, path_types, level + 1)
+    
+    elif isinstance(obj, list):
+        # Skip empty arrays
+        if len(obj) == 0:
+            return path_types
+        
+        # Collect types from array elements (matching Go: types := make([]pcommon.ValueType, 0, s.Len()))
+        types = []
+        
+        for item in obj:
+            if isinstance(item, dict):
+                # When traversing into array element objects, use ArraySuffix ([])
+                # This matches: prefix+ArraySuffix in the Go code
+                # Example: if current_path is "education", we use "education[]" to traverse into objects
+                array_prefix = current_path + ARRAY_SUFFIX if current_path else ""
+                for key, value in item.items():
+                    if array_prefix:
+                        # Use array separator: education[].name
+                        array_path = f"{array_prefix}.{key}"
+                    else:
+                        array_path = key
+                    # Recurse without increasing level (matching Go behavior)
+                    _extract_json_paths(value, array_path, path_types, level)
+                types.append("JSON")
+            elif isinstance(item, list):
+                # Arrays inside arrays are not supported - skip the whole path
+                # Matching Go: e.logger.Error("arrays inside arrays are not supported!", ...); return nil
+                return path_types
+            elif isinstance(item, str):
+                types.append("String")
+            elif isinstance(item, bool):
+                types.append("Bool")
+            elif isinstance(item, float):
+                types.append("Float64")
+            elif isinstance(item, int):
+                types.append("Int64")
+        
+        # Infer array type from collected types (matching Go: if mask := inferArrayMask(types); mask != 0)
+        if len(types) > 0:
+            array_type = _infer_array_type_from_type_strings(types)
+            if array_type and current_path:
+                if current_path not in path_types:
+                    path_types[current_path] = set()
+                path_types[current_path].add(array_type)
+    
+    else:
+        # Primitive value (string, number, bool)
+        if current_path:
+            if current_path not in path_types:
+                path_types[current_path] = set()
+            obj_type = _python_type_to_clickhouse_type(obj)
+            path_types[current_path].add(obj_type)
+    
+    return path_types
+
+
+def _parse_json_bodies_and_extract_paths(
+    json_bodies: List[str],
+    timestamp: Optional[datetime.datetime] = None,
+) -> List[JSONPathType]:
+    """
+    Parse JSON bodies and extract all paths with their types.
+    This mimics the behavior of jsontypeexporter.
+    
+    Args:
+        json_bodies: List of JSON body strings to parse
+        timestamp: Timestamp to use for last_seen (defaults to now)
+    
+    Returns:
+        List of JSONPathType objects with all discovered paths and types
+    """
+    if timestamp is None:
+        timestamp = datetime.datetime.now()
+    
+    # Aggregate all paths and their types across all JSON bodies
+    all_path_types: Dict[str, Set[str]] = {}
+    
+    for json_body in json_bodies:
+        try:
+            parsed = json.loads(json_body)
+            _extract_json_paths(parsed, "", all_path_types, level=0)
+        except (json.JSONDecodeError, TypeError):
+            # Skip invalid JSON
+            continue
+    
+    # Convert to list of JSONPathType objects
+    # Each path can have multiple types, so we create one JSONPathType per type
+    path_type_objects: List[JSONPathType] = []
+    for path, types_set in all_path_types.items():
+        for type_str in types_set:
+            path_type_objects.append(
+                JSONPathType(path=path, type=type_str, last_seen=timestamp)
+            )
+    
+    return path_type_objects
+
+
+@pytest.fixture(name="export_json_types", scope="function")
+def export_json_types(
+    clickhouse: types.TestContainerClickhouse,
+    request: pytest.FixtureRequest,  # To access migrator fixture
+) -> Generator[Callable[[Union[List[JSONPathType], List[str], List[Any]]], None], Any, None]:
+    """
+    Fixture for exporting JSON type metadata to the path_types table.
+    This is a simpler version of jsontypeexporter for test fixtures.
+    
+    The function can accept:
+    1. List of JSONPathType objects (manual specification)
+    2. List of JSON body strings (auto-extract paths)
+    3. List of Logs objects (extract from body_json field)
+    
+    Usage examples:
+        # Manual specification
+        export_json_types([
+            JSONPathType(path="user.name", type="String"),
+            JSONPathType(path="user.age", type="Int64"),
+        ])
+        
+        # Auto-extract from JSON strings
+        export_json_types([
+            '{"user": {"name": "alice", "age": 25}}',
+            '{"user": {"name": "bob", "age": 30}}',
+        ])
+        
+        # Auto-extract from Logs objects
+        export_json_types(logs_list)
+    """
+    # Ensure migrator has run to create the table
+    try:
+        request.getfixturevalue("migrator")
+    except Exception:
+        # If migrator fixture is not available, that's okay - table might already exist
+        pass
+    
+    def _export_json_types(
+        data: Union[List[JSONPathType], List[str], List[Any]],  # List[Logs] but avoiding circular import
+    ) -> None:
+        """
+        Export JSON type metadata to signoz_metadata.distributed_json_path_types table.
+        This table stores path and type information for body JSON fields.
+        """
+        path_types: List[JSONPathType] = []
+        
+        if len(data) == 0:
+            return
+        
+        # Determine input type and convert to JSONPathType list
+        first_item = data[0]
+        
+        if isinstance(first_item, JSONPathType):
+            # Already JSONPathType objects
+            path_types = data  # type: ignore
+        elif isinstance(first_item, str):
+            # List of JSON strings - parse and extract paths
+            path_types = _parse_json_bodies_and_extract_paths(data)  # type: ignore
+        else:
+            # Assume it's a list of Logs objects - extract body_v2
+            json_bodies: List[str] = []
+            for log in data:  # type: ignore
+                # Try to get body_v2 attribute
+                if hasattr(log, "body_v2") and log.body_v2:
+                    json_bodies.append(log.body_v2)
+                elif hasattr(log, "body") and log.body:
+                    # Fallback to body if body_v2 not available
+                    try:
+                        # Try to parse as JSON
+                        json.loads(log.body)
+                        json_bodies.append(log.body)
+                    except (json.JSONDecodeError, TypeError):
+                        pass
+            
+            if json_bodies:
+                path_types = _parse_json_bodies_and_extract_paths(json_bodies)
+        
+        if len(path_types) == 0:
+            return
+
+        clickhouse.conn.insert(
+            database="signoz_metadata",
+            table="distributed_json_path_types",
+            data=[path_type.np_arr() for path_type in path_types],
+            column_names=[
+                "path",
+                "type",
+                "last_seen",
+            ],
+        )
+
+    yield _export_json_types
+
+    # Cleanup - truncate the local table after tests (following pattern from logs fixture)
+    clickhouse.conn.query(
+        f"TRUNCATE TABLE signoz_metadata.json_path_types ON CLUSTER '{clickhouse.env['SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_CLUSTER']}' SYNC"
+    )
+
+
+@pytest.fixture(name="export_promoted_paths", scope="function")
+def export_promoted_paths(
+    clickhouse: types.TestContainerClickhouse,
+    request: pytest.FixtureRequest,  # To access migrator fixture
+) -> Generator[Callable[[List[str]], None], Any, None]:
+    """
+    Fixture for exporting promoted JSON paths to the promoted paths table.
+    """
+    # Ensure migrator has run to create the table
+    try:
+        request.getfixturevalue("migrator")
+    except Exception:
+        # If migrator fixture is not available, that's okay - table might already exist
+        pass
+
+    def _export_promoted_paths(paths: List[str]) -> None:
+        if len(paths) == 0:
+            return
+
+        now_ms = int(datetime.datetime.now().timestamp() * 1000)
+        rows = [(path, now_ms) for path in paths]
+        clickhouse.conn.insert(
+            database="signoz_metadata",
+            table="distributed_json_promoted_paths",
+            data=rows,
+            column_names=[
+                "path",
+                "created_at",
+            ],
+        )
+
+    yield _export_promoted_paths
+
+    clickhouse.conn.query(
+        f"TRUNCATE TABLE signoz_metadata.json_promoted_paths ON CLUSTER '{clickhouse.env['SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_CLUSTER']}' SYNC"
+    )
--- a/tests/integration/fixtures/logs.py
+++ b/tests/integration/fixtures/logs.py
@@ -122,6 +122,8 @@ class Logs(ABC):
        resources: dict[str, Any] = {},
        attributes: dict[str, Any] = {},
        body: str = "default body",
+        body_v2: Optional[str] = None,
+        body_promoted: Optional[str] = None,
        severity_text: str = "INFO",
        trace_id: str = "",
        span_id: str = "",
@@ -167,6 +169,33 @@ class Logs(ABC):
        # Set body
        self.body = body

+        # Set body_v2 - if body is JSON, parse and stringify it, otherwise use empty string
+        # ClickHouse accepts String input for JSON column
+        if body_v2 is not None:
+            self.body_v2 = body_v2
+        else:
+            # Try to parse body as JSON; if successful use it directly,
+            # otherwise wrap as {"message": body} matching the normalize operator behavior.
+            try:
+                json.loads(body)
+                self.body_v2 = body
+            except (json.JSONDecodeError, TypeError):
+                self.body_v2 = json.dumps({"message": body})
+
+        # Set body_promoted - must be valid JSON
+        # Tests will explicitly pass promoted column's content, but we validate it
+        if body_promoted is not None:
+            # Validate that it's valid JSON
+            try:
+                json.loads(body_promoted)
+                self.body_promoted = body_promoted
+            except (json.JSONDecodeError, TypeError):
+                # If invalid, default to empty JSON object
+                self.body_promoted = "{}"
+        else:
+            # Default to empty JSON object (valid JSON)
+            self.body_promoted = "{}"
+
        # Process resources and attributes
        self.resources_string = {k: str(v) for k, v in resources.items()}
        self.resource_json = (
@@ -326,6 +355,8 @@ class Logs(ABC):
                self.severity_text,
                self.severity_number,
                self.body,
+                self.body_v2,
+                self.body_promoted,
                self.attributes_string,
                self.attributes_number,
                self.attributes_bool,
@@ -470,6 +501,8 @@ def insert_logs(
                "severity_text",
                "severity_number",
                "body",
+                "body_v2",
+                "body_promoted",
                "attributes_string",
                "attributes_number",
                "attributes_bool",
--- a/tests/integration/fixtures/migrator.py
+++ b/tests/integration/fixtures/migrator.py
@@ -1,3 +1,5 @@
+from typing import Optional
+
 import docker
 import pytest
 from testcontainers.core.container import Network
@@ -8,27 +10,32 @@ from fixtures.logger import setup_logger
 logger = setup_logger(__name__)


-@pytest.fixture(name="migrator", scope="package")
-def migrator(
+def create_migrator(
    network: Network,
    clickhouse: types.TestContainerClickhouse,
    request: pytest.FixtureRequest,
    pytestconfig: pytest.Config,
+    cache_key: str = "migrator",
+    env_overrides: Optional[dict] = None,
 ) -> types.Operation:
    """
-    Package-scoped fixture for running schema migrations.
+    Factory function for running schema migrations.
+    Accepts optional env_overrides to customize the migrator environment.
    """

    def create() -> None:
        version = request.config.getoption("--schema-migrator-version")
        client = docker.from_env()

+        environment = dict(env_overrides) if env_overrides else {}
+
        container = client.containers.run(
            image=f"signoz/signoz-schema-migrator:{version}",
            command=f"sync --replication=true --cluster-name=cluster --up= --dsn={clickhouse.env["SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_DSN"]}",
            detach=True,
            auto_remove=False,
            network=network.id,
+            environment=environment,
        )

        result = container.wait()
@@ -47,6 +54,7 @@ def migrator(
            detach=True,
            auto_remove=False,
            network=network.id,
+            environment=environment,
        )

        result = container.wait()
@@ -59,7 +67,7 @@ def migrator(

        container.remove()

-        return types.Operation(name="migrator")
+        return types.Operation(name=cache_key)

    def delete(_: types.Operation) -> None:
        pass
@@ -70,9 +78,27 @@ def migrator(
    return dev.wrap(
        request,
        pytestconfig,
-        "migrator",
+        cache_key,
        lambda: types.Operation(name=""),
        create,
        delete,
        restore,
    )
+
+
+@pytest.fixture(name="migrator", scope="package")
+def migrator(
+    network: Network,
+    clickhouse: types.TestContainerClickhouse,
+    request: pytest.FixtureRequest,
+    pytestconfig: pytest.Config,
+) -> types.Operation:
+    """
+    Package-scoped fixture for running schema migrations.
+    """
+    return create_migrator(
+        network=network,
+        clickhouse=clickhouse,
+        request=request,
+        pytestconfig=pytestconfig,
+    )
--- a/tests/integration/src/querier_json_body/01_logs_json_body_new_qb.py
+++ b/tests/integration/src/querier_json_body/01_logs_json_body_new_qb.py
--- a/tests/integration/src/querier_json_body/init.py
+++ b/tests/integration/src/querier_json_body/init.py
--- a/tests/integration/src/querier_json_body/conftest.py
+++ b/tests/integration/src/querier_json_body/conftest.py
@@ -0,0 +1,70 @@
+import pytest
+from testcontainers.core.container import Network
+
+from fixtures import types
+from fixtures.migrator import create_migrator
+from fixtures.signoz import create_signoz
+
+UNSUPPORTED_CLICKHOUSE_VERSIONS = {"25.5.6"}
+
+
+def pytest_collection_modifyitems(
+    config: pytest.Config, items: list[pytest.Item]
+) -> None:
+    version = config.getoption("--clickhouse-version")
+    if version in UNSUPPORTED_CLICKHOUSE_VERSIONS:
+        skip = pytest.mark.skip(
+            reason=f"JSON body QB tests require ClickHouse > {version}"
+        )
+        for item in items:
+            item.add_marker(skip)
+
+
+@pytest.fixture(name="migrator", scope="package")
+def migrator_json(
+    network: Network,
+    clickhouse: types.TestContainerClickhouse,
+    request: pytest.FixtureRequest,
+    pytestconfig: pytest.Config,
+) -> types.Operation:
+    """
+    Package-scoped migrator with ENABLE_LOGS_MIGRATIONS_V2=1.
+    """
+    return create_migrator(
+        network=network,
+        clickhouse=clickhouse,
+        request=request,
+        pytestconfig=pytestconfig,
+        cache_key="migrator-json-body",
+        env_overrides={
+            "ENABLE_LOGS_MIGRATIONS_V2": "1",
+        },
+    )
+
+
+@pytest.fixture(name="signoz", scope="package")
+def signoz_json_body(
+    network: Network,
+    zeus: types.TestContainerDocker,
+    gateway: types.TestContainerDocker,
+    sqlstore: types.TestContainerSQL,
+    clickhouse: types.TestContainerClickhouse,
+    request: pytest.FixtureRequest,
+    pytestconfig: pytest.Config,
+) -> types.SigNoz:
+    """
+    Package-scoped fixture for SigNoz with BODY_JSON_QUERY_ENABLED=true.
+    """
+    return create_signoz(
+        network=network,
+        zeus=zeus,
+        gateway=gateway,
+        sqlstore=sqlstore,
+        clickhouse=clickhouse,
+        request=request,
+        pytestconfig=pytestconfig,
+        cache_key="signoz-json-body",
+        env_overrides={
+            "BODY_JSON_QUERY_ENABLED": "true",
+        },
+    )
Author	SHA1	Message	Date
Piyush Singariya	4af6a9abae	Merge branch 'main' into feat/json-qb-tests	2026-04-07 21:49:21 +05:30
Piyush Singariya	72ce8768b3	chore: align usage of negative operators in JSON Body (#10758 ) * feat: enable JSON Path index * fix: contextual path index usage * test: fix unit tests * feat: align negative operators to include other logs * fix: primitive conditions working * fix: indexed tests passing * fix: array type filtering from dynamic arrays * fix: unit tests * fix: remove not used paths from testdata * fix: unit tests * fix: comment * fix: indexed unit tests * fix: array json element comparison * feat: change filtering of dynamic arrays * fix: dynamic array tests * fix: stringified integer value input * fix: better review for test file * fix: negative operator check * ci: lint changes * ci: lint fix	2026-04-07 15:51:26 +00:00
Abhi kumar	7c1fe82043	refactor(tooltip): pin active series to header and fix spacing in uPlot chart tooltip (#10862 ) * fix: fixed tooltip spacing and minor ui fixes * chore: minor fix * chore: changed opacity * chore: broke down tooltip component * chore: sorted the tooltip content * chore: moved scss to modules * chore: pr review comments * chore: removed sorting values * chore: pr review comments * rename classname Co-authored-by: Ashwin Bhatkal <ashwin96@gmail.com> * chore: removed tests --------- Co-authored-by: Ashwin Bhatkal <ashwin96@gmail.com>	2026-04-07 11:49:26 +00:00
Vinicius Lourenço	d4dbbceab7	fix(app-routes): use redirect component to avoid flash old routes due to useEffect (#10802 ) Some checks failed build-staging / staging (push) Has been cancelled Details build-staging / prepare (push) Has been cancelled Details build-staging / js-build (push) Has been cancelled Details build-staging / go-build (push) Has been cancelled Details Release Drafter / update_release_draft (push) Has been cancelled Details	2026-04-07 11:10:48 +00:00
Piyush Singariya	55e892dad3	fix: body tests ready	2026-04-07 16:22:26 +05:30
Piyush Singariya	181116308f	fix: logs.py	2026-04-07 15:56:21 +05:30
Piyush Singariya	eaa678910b	fix: better tests	2026-04-07 14:49:52 +05:30
Vikrant Gupta	918cf4dfe5	fix(authz): improve error messages (#10856 )	2026-04-07 08:34:53 +00:00
Piyush Singariya	e994caeb02	chore: import tests from older pr	2026-04-07 13:43:16 +05:30
Piyush Singariya	10840f8495	ci: lint changes	2026-04-07 12:31:22 +05:30
Piyush Singariya	1fcd3adfc8	Merge branch 'main' into fix/array-json	2026-04-07 12:29:35 +05:30
Piyush Singariya	3e14b26b00	fix: negative operator check	2026-04-07 12:26:44 +05:30
Piyush Singariya	b30bfa6371	fix: better review for test file	2026-04-02 12:53:44 +05:30
Piyush Singariya	e7f4a04b36	Merge branch 'main' into fix/array-json	2026-04-01 15:44:01 +05:30
Piyush Singariya	0687634da3	fix: stringified integer value input	2026-04-01 15:25:35 +05:30
Piyush Singariya	7e7732243e	fix: dynamic array tests	2026-04-01 12:54:26 +05:30
Piyush Singariya	2f952e402f	feat: change filtering of dynamic arrays	2026-04-01 12:09:32 +05:30
Piyush Singariya	a12febca4a	fix: array json element comparison	2026-04-01 10:34:55 +05:30
Piyush Singariya	cb71c9c3f7	Merge branch 'main' into fix/array-json	2026-03-31 15:42:09 +05:30
Piyush Singariya	1cd4ce6509	Merge branch 'main' into fix/array-json	2026-03-31 14:55:36 +05:30
Piyush Singariya	9299c8ab18	fix: indexed unit tests	2026-03-30 15:47:47 +05:30
Piyush Singariya	24749de269	fix: comment	2026-03-30 15:16:28 +05:30
Piyush Singariya	39098ec3f4	fix: unit tests	2026-03-30 15:12:17 +05:30
Piyush Singariya	fe554f5c94	fix: remove not used paths from testdata	2026-03-30 14:24:48 +05:30
Piyush Singariya	8a60a041a6	fix: unit tests	2026-03-30 14:14:49 +05:30
Piyush Singariya	541f19c34a	fix: array type filtering from dynamic arrays	2026-03-30 12:59:31 +05:30
Piyush Singariya	010db03d6e	fix: indexed tests passing	2026-03-30 12:24:26 +05:30
Piyush Singariya	5408acbd8c	fix: primitive conditions working	2026-03-30 12:01:35 +05:30
Piyush Singariya	0de6c85f81	feat: align negative operators to include other logs	2026-03-28 10:30:11 +05:30
Piyush Singariya	69ec24fa05	test: fix unit tests	2026-03-27 15:12:49 +05:30
Piyush Singariya	539d732b65	fix: contextual path index usage	2026-03-27 14:44:51 +05:30
Piyush Singariya	843d5fb199	Merge branch 'main' into feat/json-index	2026-03-27 14:17:52 +05:30
Piyush Singariya	fabdfb8cc1	feat: enable JSON Path index	2026-03-27 14:07:37 +05:30