Appends single or multiple values to an array, or creates a new array if it does not already exist.
Parameter | Type | Required | Default Value | Description |
---|---|---|---|---|
array [a] | string | required | Name of the array to append values to. Must follow valid Array Syntax for array of scalars. For example, for events with fields incidents[0], incidents[1], ... this would be incidents[] . | |
value | string | required | The list of expressions to be appended. | |
[a] The argument name |
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
array
can be omitted; the following forms of this function are equivalent:logscalearray:append("value[]",value="value")
and:
logscalearray:append(array="value[]",value="value")
These examples show basic structure only.
The syntax for array:append()
looks like this:
array:append(array=foo[], value=[<exp_1>, &ellipsis; <exp_n>])
where array:append()
is used to either append the
values of exp_1
to exp_n
at the end of the
foo[]
array, or create a new array of these values if the
array foo[]
is not present in the event. If one of the
expressions does not evaluate to a value, then that expression is skipped.
array:append()
requires that the input array has
continuous, sequential indexes with no gaps. If there are gaps (that is,
missing indexes), the function will start inserting new values at the
first missing index, potentially overwriting existing elements. For
example, having a missing index like in:
|-----------------|
|array[0] | foo |
|array[1] | bar |
|array[3] | baz |
|-----------------|
the query:
array:append(array[], values=["x", "y", "z"])
will produce the following output:
field | value |
---|---|
array[0] | foo |
array[1] | bar |
array[2] | x |
array[3] | y |
array[4] | z |
meaning that array[3] will be overwritten.
array:append()
Examples
Create New Array By Appending Elements From Another Array
Query
array:append(array="related.user[]", values=[lower(source.user.name), lower(destination.user.name)])
Introduction
The array:append()
function can be used to
create a new array based on values from another flat array,
provided that the input array has continuous, sequential indexes
with no missing indexes. In this example, the
array:append()
function is used to create a
new array related.user[] containing
information about all user names seen on the event.
Example incoming data might look like this:
source.user.name="user_1" destination.user.name="USER_2"
Step-by-Step
Starting with the source repository events.
- logscale
array:append(array="related.user[]", values=[lower(source.user.name), lower(destination.user.name)])
Creates a new array related.user[] containing information about all user names seen on the event. Notice that the
lower
function formats the results into lower case before appending them to the array. Event Result set.
Summary and Results
This query is used to create a new flat array based on values from another flat array.
Sample output from the incoming example data:
source.user.name | destination.user.name | related.user[0] | related.user[1] | |
---|---|---|---|---|
user_1 | USER_2 | user_1 | user_2 |
Split Comma-separated Strings in Array into New Array
Query
splitString(field=numbers,by=",",as=numbarr)
| array:append(array="numbarr[]", values=[4])
Introduction
The array:append()
function can be used to
create a new array based on values from another flat array,
provided that the input array has continuous, sequential indexes
with no missing indexes.
Example incoming data might look like this:
|-----------------------|
| numbers | "1,2,3" |
|-----------------------|
Step-by-Step
Starting with the source repository events.
- logscale
splitString(field=numbers,by=",",as=numbarr) | array:append(array="numbarr[]", values=[4])
Splits the comma-separated strings in the field numbers into a new array named numbarr[], and then extends this array with new values.
Event Result set.
Summary and Results
This query is used to create a new flat array based on values from another flat array,
Sample output from the incoming example data:
numbarr[0] | numbarr[1] | numbarr[2] | numbarr[3] |
---|---|---|---|
1 | 2 | 3 | 4 |