Appends single or multiple values to an array, or creates a new array if it does not already exist.

ParameterTypeRequiredDefault ValueDescription
array[a]stringrequired  Name of the array to append values to. Must follow valid Array Syntax for array of scalars. For example, for events with fields incidents[0], incidents[1], ... this would be incidents[].
valuestringrequired  The list of expressions to be appended.

[a] The argument name array can be omitted.

Hide omitted argument names for this function

Show omitted argument names for this function

The syntax for array:append() looks like this:

logscale
array:append(array=foo[], value=[<exp_1>, &ellipsis; <exp_n>])

where array:append() is used to either append the values of exp_1 to exp_n at the end of the foo[] array, or create a new array of these values if the array foo[] is not present in the event. If one of the expressions does not evaluate to a value, then that expression is skipped.

array:append() requires that the input array has continuous, sequential indexes with no gaps. If there are gaps (that is, missing indexes), the function will start inserting new values at the first missing index, potentially overwriting existing elements. For example, having a missing index like in:

|-----------------|
|array[0]  | foo  |
|array[1]  | bar  |
|array[3]  | baz  |
|-----------------|

the query:

logscale
array:append(array[], values=["x", "y", "z"])

will produce the following output:

fieldvalue
array[0]foo
array[1]bar
array[2]x
array[3]y
array[4]z

meaning that array[3] will be overwritten.

Create New Array By Appending Elements From Another Array

Query
logscale
array:append(array="related.user[]", values=[lower(source.user.name), lower(destination.user.name)])
Introduction

The array:append() function can be used to create a new array based on values from another flat array, provided that the input array has continuous, sequential indexes with no missing indexes. In this example, the array:append() function is used to create a new array related.user[] containing information about all user names seen on the event.

Example incoming data might look like this:

source.user.name="user_1" destination.user.name="USER_2"
Step-by-Step
  1. Starting with the source repository events.

  2. logscale
    array:append(array="related.user[]", values=[lower(source.user.name), lower(destination.user.name)])

    Creates a new array related.user[] containing information about all user names seen on the event. Notice that the lower function formats the results into lower case before appending them to the array.

  3. Event Result set.

Summary and Results

This query is used to create a new flat array based on values from another flat array.

Sample output from the incoming example data:

source.user.namedestination.user.namerelated.user[0]related.user[1] 
user_1USER_2user_1user_2 

Split Comma-separated Strings in Array into New Array

Query
logscale
splitString(field=numbers,by=",",as=numbarr)
| array:append(array="numbarr[]", values=[4])
Introduction

The array:append() function can be used to create a new array based on values from another flat array, provided that the input array has continuous, sequential indexes with no missing indexes.

Example incoming data might look like this:

|-----------------------|
| numbers   | "1,2,3"   |
|-----------------------|
Step-by-Step
  1. Starting with the source repository events.

  2. logscale
    splitString(field=numbers,by=",",as=numbarr)
    | array:append(array="numbarr[]", values=[4])

    Splits the comma-separated strings in the field numbers into a new array named numbarr[], and then extends this array with new values.

  3. Event Result set.

Summary and Results

This query is used to create a new flat array based on values from another flat array,

Sample output from the incoming example data:

numbarr[0]numbarr[1]numbarr[2]numbarr[3]
1234