Filters events from the input array using the function provided in the array.
The order is maintained in the output array.
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
array[a] | string | required | A string in the format of a valid array followed by []. A valid array can either be an identifier, a valid array followed by . and an identifier, or a valid array followed by an array index surrounded by square brackets. For example, for events with fields incidents[0], incidents[1], ... this would be incidents[] . | |
function | Non-aggregate function | required | The function to use for filtering events in the array. | |
var | string | required | Name of the variable to be used in function argument. | |
Omitted Argument NamesThe argument name for
arraycan be omitted; the following forms of this function are equivalent:logscalearray:filter("value[]",var="value",function="value")and:
logscalearray:filter(array="value[]",var="value",function="value")These examples show basic structure only; full examples are provided below.
array:filter() Examples
Given an array of three elements, retrieve those where the address
starts with ba:
logscale
mailto[0]=foo@example.com
mailto[1]=bar@example.com
mailto[2]=baz@example.comQuery function:
logscale
array:filter(array="mailto[]", var="addr", function={addr=ba*@example.com}, asArray="out[]")Expected output:
logscale
out[0]=bar@example.com
out[1]=baz@example.com