Array Query Functions

LogScale's array functions allow you to extract, create and manipulate items embedded in arrays, or to interpret arrays, within events. For more information, see Array Syntax.

Table: Array Query Functions

FunctionDefault ArgumentAvailabilityDescription
array:contains(array, value)array  Checks whether the given value matches any of the values of the array and excludes the event if no value matches
array:eval(array, [as], function, var)array  Evaluates the function argument on all values in the array under the array argument overwriting the array
array:filter(array, [asArray], function, var)array  Drops entries from the input array using the given filtering function.
array:intersection(array, [as])array  Determines the set intersection of array values over input events
array:reduceAll(array, function, var)arrayintroduced in 1.77 Computes a value from all events and array elements of the specified array.
array:reduceColumn(array, [as], function, var)array  Computes an aggregate value for each array element with the same index.
array:reduceRow(array, [as], function, var)array  Computes an aggregated value of an array on all events.
array:regex(array, [flags], regex)array  Checks whether the given pattern matches any of the values of the array and excludes the event from the search result
array:union(array, [as])array  Determines the set union of array values over input events.

Common Recommendations for Array Query Functions

The following rules and recommendations apply to all the array query functions listed above.

  • Array functions do not support non-consecutive items in an array.

    For example, when manipulating the array:

    logscale
    foo[0], foo[1], foo[3]

    The function will only run against:

    logscale
    foo[0], foo[1]

  • Array indexes start at zero; For example, foo [0].

  • Arrays are identified using the array name with an [x] suffix.

    For example, having the array:

    logscale
    foo[0], foo[1]

    Adding another field:

    logscale
    foo[2]

    Would result in the array:

    logscale
    foo[0],foo[1],foo[2]

    With no missing entries, array functions will run against them all.

  • You cannot use nested arrays. For example, if you have foo[] in which each element is a bar[] you cannot give the argument:

    logscale
    foo[].bar[]