Concatenates the values of a list of fields into a single value in a new field.
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
field
can be omitted; the following forms of this function are equivalent:logscale Syntaxconcat(["value"])
and:
logscale Syntaxconcat(field=["value"])
These examples show basic structure only.
For example:
concat([aidValue, cidValue], as=checkMe2)
The function is not capable of combining arbitrary strings, or concatenating strings and fields together. The following will not work:
concat([field1,"/",field2], as=combined)
Instead, you can use the format()
function:
format("%s/%s",field=[field1,field2],as=combined)
concat()
Examples
Click
next to an example below to get the full details.Concatenate Fields and Strings Together
Query
format("%s/%s",field=[dirname,filename],as=pathname)
Introduction
The concat()
is not able to concatenate
fields and strings together. For example to create a pathname
based on the directory and filename it is not possible to do:
concat([dirname,"/",filename],as=pathname)
This will raise an error. Instead, we can use
format()
.
Step-by-Step
Starting with the source repository events.
- logscale
format("%s/%s",field=[dirname,filename],as=pathname)
Formats a value separating the two by a forward slash, creating the field pathname
Event Result set.
Summary and Results
The format()
function provides a flexible
method of formatting data, including encapsulating or combining
strings and fields together.
Concatenate Multiple Values From Nested Array Elements
Concatenate multiple values from nested array elements using objectArray:eval()
function with concat()
Query
objectArray:eval("foo[]", var=x, function={_mapped := concat([x.key.value, "x.key.others[0]", "x.key.others[1]"])}, asArray="_mapped[]")
Introduction
The objectArray:eval()
function is a
structured array query function that follows normal array
syntax. The array syntax is similar to the one used by JSON,
where [
and ]
are used for
indexing and .
for selecting members in
objects. For more information, see
Array Syntax. The
objectArray:eval()
function operates on
arrays of objects using a function that supports a special
pattern to access sub-selections of array entries.
The special pattern that allows the function to operate on arrays of objects, and arrays of arrays, and other arrays of structured data is: "in" (the input array) followed by:
.subselection
or
[number]
or any combination of the above. For example:
in.key,
in.others[0].foo
in[0][1]
Semantically, given the input array in
, an array
index i
, and an access in.subselection
this will be translated to the field name
in[i].
.
Similarly, subselection
in[2]
is translated to
in[i][2]
.
The objectArray:eval()
function can be
combined with other array functions (or itself), in order to
support processing nested arrays. When used with nested arrays,
multiple values can be accessed and processed.
In this example, the objectArray:eval()
function is used with the concat()
function
to concatenate multiple deeply nested arrays of objects values
in the array foo[]
and return the
concatenated values in the output field
_mapped[]
Example incoming data might look like this:
"foo[0].key.value": y
"foo[0].key.others[0]": 1
"foo[0].key.others[1]": 2
"foo[1].nothing": 355
Step-by-Step
Starting with the source repository events.
- logscale
objectArray:eval("foo[]", var=x, function={_mapped := concat([x.key.value, "x.key.others[0]", "x.key.others[1]"])}, asArray="_mapped[]")
Notice that a
var
parameter can be used to give a different name to the input array variable inside the function argument. This is particularly useful whenever the input array name is very long. Event Result set.
Summary and Results
The query is used to concatenate multiple deeply nested arrays of objects values.
Sample output from the incoming example data:
_mapped[0]: y12
"foo[0].key.value": y
"foo[0].key.others[0]": 1
"foo[0].key.others[1]": 2
Concatenate Values From Nested Array Elements
Concatenate deeply nested objects and arrays using objectArray:eval()
function with concat()
Query
objectArray:eval("in[]", asArray="out[]", function={out := concat(["in.a", "in.b.c", "in.others[1].d"])})
Introduction
The objectArray:eval()
function is a
structured array query function that follows normal array
syntax. The array syntax is similar to the one used by JSON,
where [
and ]
are used for
indexing and .
for selecting members in
objects. For more information, see
Array Syntax. The
objectArray:eval()
function operates on
arrays of objects using a function that supports a special
pattern to access sub-selections of array entries.
The special pattern that allows the function to operate on arrays of objects, and arrays of arrays, and other arrays of structured data is: "in" (the input array) followed by:
.subselection
or
[number]
or any combination of the above. For example:
in.key,
in.others[0].foo
in[0][1]
Semantically, given the input array in
, an array
index i
, and an access in.subselection
this will be translated to the field name
in[i].
.
Similarly, subselection
in[2]
is translated to
in[i][2]
.
The objectArray:eval()
function can be
combined with other array functions (or itself), in order to
support processing nested arrays. When used with nested arrays,
multiple values can be accessed and processed.
In this example, the objectArray:eval()
function is used with the concat()
function
to concatenate deeply nested arrays of objects values in the
array in[]
and return the concatenated
values in the output field out[].
Example incoming data might look like this:
in[0].a: 1
in[0].b.c: 2
in[0].others[0].d: 3
in[0].others[1].d: 4
Step-by-Step
Starting with the source repository events.
- logscale
objectArray:eval("in[]", asArray="out[]", function={out := concat(["in.a", "in.b.c", "in.others[1].d"])})
Iterates over the array from start to end (or to the first empty index in the array), applies the given function, and returns the concatenated results in a new output array name field out[].
Event Result set.
Summary and Results
The query is used to concatenate deeply nested arrays of objects.
Sample output from the incoming example data:
out[0]: 124
Concatenate Values From Two Nested Array Elements
Concatenate values from two nested array elements returning output in flat array
Query
objectArray:eval("arr[]", var=x, function={_mapped := concat([x.a, x.b])}, asArray="_mapped[]")
Introduction
The objectArray:eval()
function is a
structured array query function that follows normal array syntax.
The array syntax is similar to the one used by JSON, where
[
and ]
are used for
indexing and .
for selecting members in
objects. For more information, see Array Syntax.
The objectArray:eval()
function operates on
arrays of objects. In this example, the
objectArray:eval()
function is used with the
variable x to concatenate the values
a
and b
from each array element. The
concat()
function is used to return the
concatenated output into a new array.
Example incoming data might look like this:
arr[0]: machine
arr[0].a: a0
arr[0].b: b0
arr[1].a: a1
arr[1].b: b1
arr[1].c: c1
arr[2].a: a2
arr[4].b: b2
other: abc
Step-by-Step
Starting with the source repository events.
- logscale
objectArray:eval("arr[]", var=x, function={_mapped := concat([x.a, x.b])}, asArray="_mapped[]")
Concatenates the values
a
andb
from each array element and returns the results in a new array named _mapped. In this example,objectArray:eval()
iterates over each element of the array and assigns each element to the variablex
which is then used as an alias. The new field _mapped is created by concatenating the value using the aliasx
to extract each object value from each element of the array. Notice that the output in this example is a flat array.For example, this array element:
Raw Eventsarr[0].a: a0 arr[0].b: b0 is translated to:
_mapped[0]: a0b0
Event Result set.
Summary and Results
The query is used to concatenate values of two array elements.
Sample output from the incoming example data, the original values have not been removed:
_mapped[0]: a0b0
_mapped[1]: a1b1
_mapped[2]: a2
_mapped[3]: b2
arr[0]: machine
arr[0].a: a0
arr[0].b: b0
arr[1].a: a1
arr[1].b: b1
arr[1].c: c1
arr[2].a: a2
arr[4].b: b2
other: abc