Drops entries from the input array using the given filtering function.
The order is maintained in the output array. The name of the output array cannot be the same as the input array.
Function Traits: Transformation
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
array[a] | string | required | The prefix of the array in LogScale, for example for events with fields incidents[0], incidents[1], ... this would be incidents. | |
asArray | string | optional | A string in the format of a valid array followed by []. A valid array can either be an identifier, a valid array followed by . and an identifier, or a valid array followed by an array index surrounded by square brackets. For example, for events with fields incidents[0], incidents[1], ... this would be incidents[] . | |
function | Non-aggregate function | required | The function to use for filtering events in the array. | |
var | string | required | The function argument name | |
The parameter name for array can be omitted; the following forms are equivalent:
logscale
array:filter("value")and:
logscale
array:filter(array="value")array:filter() Examples
Given an array of three elements, retrieve those where the address starts with "ba":
logscale
mailto[0]=foo@example.com
mailto[1]=bar@example.com
mailto[2]=baz@example.comQuery function:
logscale
array:filter(array="mailto[]", var="addr", function={addr=ba*@example.com}, asArray="out[]")Expected output:
logscale
out[0]=bar@example.com
out[1]=baz@example.com