concat()

`concat()`

Concatenates the values of a list of fields into a single value in a new field.

Parameter	Type	Required	Default Value	Description
`as`	string	optional^[a]	`_concat`	The output name of the field to set.
`field`^[b]	array of strings	required		Fields to concatenate.
^[a]Optional parameters use their default value unless explicitly set. ^[b]The parameter name `field` can be omitted.

Hide omitted argument names for this function

Show omitted argument names for this function

Omitted Argument Names
The argument name for field can be omitted; the following forms of this function are equivalent:
logscale Syntax
concat(["value"])
and:
logscale Syntax
concat(field=["value"])
These examples show basic structure only.

For example:

logscale

concat([aidValue, cidValue], as=checkMe2)

The function is not capable of combining arbitrary strings, or concatenating strings and fields together. The following will not work:

logscale

concat([field1,"/",field2], as=combined)

Instead, you can use the format() function:

logscale

format("%s/%s",field=[field1,field2],as=combined)

`concat()` Examples

Click + next to an example below to get the full details.

Concatenate Fields and Strings Together

Query

logscale

format("%s/%s",field=[dirname,filename],as=pathname)

Introduction

The concat() is not able to concatenate fields and strings together. For example to create a pathname based on the directory and filename it is not possible to do:

logscale

concat([dirname,"/",filename],as=pathname)

This will raise an error. Instead, we can use format().

Step-by-Step

Starting with the source repository events.
logscale
```
format("%s/%s",field=[dirname,filename],as=pathname)
```
Formats a value separating the two by a forward slash, creating the field pathname
Event Result set.

Summary and Results

The format() function provides a flexible method of formatting data, including encapsulating or combining strings and fields together.

Concatenate Multiple Values From Nested Array Elements

Concatenate multiple values from nested array elements using objectArray:eval() function with concat()

Query

logscale

objectArray:eval("foo[]", var=x, function={_mapped := concat([x.key.value, "x.key.others[0]", "x.key.others[1]"])}, asArray="_mapped[]")

Introduction

In this example, the objectArray:eval() function is used with the concat() function to concatenate multiple deeply nested arrays of objects values in the array foo[] and return the concatenated values in the output field _mapped[]

Example incoming data might look like this:

JSON

"foo[0].key.value": y
"foo[0].key.others[0]": 1
"foo[0].key.others[1]": 2
"foo[1].nothing": 355

Step-by-Step

Starting with the source repository events.
logscale
```
objectArray:eval("foo[]", var=x, function={_mapped := concat([x.key.value, "x.key.others[0]", "x.key.others[1]"])}, asArray="_mapped[]")
```
Notice that a var parameter can be used to give a different name to the input array variable inside the function argument. This is particularly useful whenever the input array name is very long.
Event Result set.

Summary and Results

The query is used to concatenate multiple deeply nested arrays of objects values.

Sample output from the incoming example data:

_mapped[0]: y12
"foo[0].key.value": y
"foo[0].key.others[0]": 1
"foo[0].key.others[1]": 2

Concatenate Values From Nested Array Elements

Concatenate deeply nested objects and arrays using objectArray:eval() function with concat()

Query

logscale

objectArray:eval("in[]", asArray="out[]", function={out := concat(["in.a", "in.b.c", "in.others[1].d"])})

Introduction

In this example, the objectArray:eval() function is used with the concat() function to concatenate deeply nested arrays of objects values in the array in[] and return the concatenated values in the output field out[].

Example incoming data might look like this:

JSON

in[0].a: 1
in[0].b.c: 2
in[0].others[0].d: 3
in[0].others[1].d: 4

Step-by-Step

Starting with the source repository events.
logscale
```
objectArray:eval("in[]", asArray="out[]", function={out := concat(["in.a", "in.b.c", "in.others[1].d"])})
```
Iterates over the array from start to end (or to the first empty index in the array), applies the given function, and returns the concatenated results in a new output array name field out[].
Event Result set.

Summary and Results

The query is used to concatenate deeply nested arrays of objects.

Sample output from the incoming example data:

out[0]: 124

Concatenate Values From Two Nested Array Elements

Concatenate values from two nested array elements returning output in flat array

Query

logscale

objectArray:eval("arr[]", var=x, function={_mapped := concat([x.a, x.b])}, asArray="_mapped[]")

Introduction

In this example, the objectArray:eval() function is used with the variable x to concatenate the values a and b from each array element. The concat() function is used to return the concatenated output into a new array.

Example incoming data might look like this:

JSON

arr[0]: machine
arr[0].a: a0
arr[0].b: b0
arr[1].a: a1
arr[1].b: b1
arr[1].c: c1
arr[2].a: a2
arr[4].b: b2
other: abc

Step-by-Step

Starting with the source repository events.
logscale
```
objectArray:eval("arr[]", var=x, function={_mapped := concat([x.a, x.b])}, asArray="_mapped[]")
```
Concatenates the values a and b from each array element and returns the results in a new array named _mapped. In this example, objectArray:eval() iterates over each element of the array and assigns each element to the variable x which is then used as an alias. The new field _mapped is created by concatenating the value using the alias x to extract each object value from each element of the array. Notice that the output in this example is a flat array.
For example, this array element:
arr[0].a: a0
arr[0].b: b0
is translated to:
```
_mapped[0]: a0b0
```
Event Result set.

arr[0].a: a0
arr[0].b: b0

Summary and Results

The query is used to concatenate values of two array elements.

Sample output from the incoming example data, the original values have not been removed:

_mapped[0]: a0b0
_mapped[1]: a1b1
_mapped[2]: a2
_mapped[3]: b2

arr[0]: machine

arr[0].a: a0
arr[0].b: b0

arr[1].a: a1
arr[1].b: b1

arr[1].c: c1

arr[2].a: a2

arr[4].b: b2

other: abc

Concatenate Values in Two Fields - Example 1

Concatenate values in two fields into a single value in a new array using the concat() function

Query

logscale

concat([aidValue, cidValue], as=checkMe2)

Introduction

In this example, the concat() function concatenates the AID (Agent ID) and CID (Customer ID) values into a single value in a new array.

Step-by-Step

Starting with the source repository events.
logscale
```
concat([aidValue, cidValue], as=checkMe2)
```
Concatenates the values of the fields aidValue and cidValue into a single value in a new field named checkMe2.
The single value contains both the Agent ID and Customer ID information. It is recommended to have a consistent format and potentially include a separator between the AID and CID to ensure, that they can be easily parsed apart, if needed later.
Event Result set.

Summary and Results

The query is used to concatenate the values of a list of fields into a single value in a new field. Combining CID and AID values is, for example, useful for unique identification, troubleshooting, data analysis etc. This query is also useful in case you want to combine for example first names and last names from two different fields into the full name in a new field, or if you have a list of users and a list of the URLs visited, that you want to combine to see which user navigated which URLs.

Concatenate Values in Two Fields - Example 2

Concatenate values in two fields into a single value in a new array using the concat() function

Query

logscale

concat([f1, f2], as="combined")

Introduction

In this example, the concat() function concatenates the values of two fields with different names (f1 and f2) into a single value in a new field.

Step-by-Step

Starting with the source repository events.
logscale
```
concat([f1, f2], as="combined")
```
Concatenates the values of the arrays f1 and f2 into a single value in a new array named combined.
Event Result set.

Summary and Results

The query is used to concatenate the values of a list of fields into a single value in a new field. This query is useful in case you want to combine for example first names and last names from two different fields into the full name in a new field, or if you have a list of users and a list of the URLs visited, that you want to combine to see which user navigated which URLs.

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts

concat() Examples

Concatenate Fields and Strings Together

Query

Introduction

Step-by-Step

Summary and Results

Concatenate Multiple Values From Nested Array Elements

Query

Introduction

Step-by-Step

Summary and Results

Concatenate Values From Nested Array Elements

Query

Introduction

Step-by-Step

Summary and Results

Concatenate Values From Two Nested Array Elements

Query

Introduction

Step-by-Step

Summary and Results

Concatenate Values in Two Fields - Example 1

Query

Introduction

Step-by-Step

Summary and Results

Concatenate Values in Two Fields - Example 2

Query

Introduction

Step-by-Step

Summary and Results

Enter search term

`concat()`

`concat()` Examples