Array Query Functions
LogScale's array functions allow you to extract, create and
manipulate items embedded in arrays, or to interpret arrays and nested
arrays within events. In the Array Query Functions
table, functions marked with array can be used with a
flat array. Functions marked nested-array are designed
for working with structured arrays.
For information on using arrays, see Array Syntax.
Table: Array Query Functions
| Function | Type | Default Argument | Availability | Description |
|---|---|---|---|---|
array:contains(array, value) | array, data-manipulation, filter | array | introduced in 1.62.0 | Checks whether the given value matches any of the values of the array and excludes the event if no value matches. |
array:eval(array, [asArray], function, [var]) | array | array | introduced in 1.39.0 | Evaluates the function argument on all values in the array under the array argument overwriting the array. |
array:filter(array, function, var) | array, data-manipulation, filter | array | introduced in 1.39.0 | Drops entries from the input array using the given filtering function. |
array:intersection(array, [as]) | aggregate, array | array | introduced in 1.39.0 | Determines the set intersection of array values over input events. |
array:reduceColumn(array, [as], function, var) | aggregate, array, data-manipulation | array | introduced in 1.39.0 | Computes an aggregate value for each array element with the same index. |
array:reduceRow(array, [as], function, var) | array | array | introduced in 1.39.0 | Computes an aggregated value of an array on all events. |
array:regex(array, [flags], regex) | array, filter, regular-expression | array | introduced in 1.62.0 | Checks whether the given pattern matches any of the values of the array and excludes the event from the search result. |
array:union(array, [as]) | aggregate, array, data-manipulation | array | introduced in 1.39.0 | Determines the set union of array values over input events. |
concatArray([as], field, [from], [prefix], [separator], [suffix], [to]) | array, data-manipulation, string | field | Concatenates values of all fields with same name and an array suffix into a new field. | |
split([field], [strip]) | array, data-manipulation | field | Splits an event structure created by a JSON array into distinct events. | |
splitString([as], by, [field], [index]) | array, data-manipulation, regular-expression, string | field | Splits a string by specifying a regular expression by which to split. |
Using Array Query Functions
The following rules and recommendations apply to all the array query functions listed in the Array Query Functions table.
Array functions do not support non-consecutive items in an array.
For example, when manipulating the array:
logscalefoo[0], foo[1], foo[3]The function will only run against:
logscalefoo[0], foo[1]Array indexes start at zero; For example, foo[0].
When rereferring to the whole array, use foo[].
Arrays elements are identified using the array name with an [x] suffix.
For example, having the array:
logscalefoo[0], foo[1]Adding another field:
logscalefoo[2]Results in the array:
logscalefoo[0],foo[1],foo[2]With no missing entries, array functions will run against them all.