Available:objectArray:exists()
v1.175.0
The objectArray:exists() function is
available from version 1.175.0.
The function filters events based on array contents. It checks if an array contains at least one element that meets a specified condition.
objectArray:exists() is useful when
array:contains() is not flexible enough,
for example, when users want to compare the elements of the
array to the values of other fields, or when they want to use
query functions in the condition.
Although objectArray:exists() can be used
on both flat arrays and structured arrays, for best performance,
LogScale recommends using
objectArray:exists() only for nested arrays
(for example JSON structures). For flat arrays, the
array:exists() function is a recommended
equivalent. For a list of functions that can be used on flat
arrays, see Array Query Functions.
| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
array[a] | string | required | Name of the array in which to search for matching elements. Must follow valid Array Syntax for arrays. For example, for events with fields incidents[0], incidents[1], ... this would be incidents[]. | |
condition | non-aggregate pipeline | required | A non-aggregate pipeline. If an event passes through the pipeline, the event is included, otherwise it is excluded. | |
var | string | optional[b] | input array name. | Name of the variable to be used in the condition argument. |
[b] Optional parameters use their default value unless explicitly set. | ||||
Note that for nested arrays, the
objectArray:exists() function must be used
instead of the array:exists() function.
objectArray:exists() Examples
Click next to an example below to get the full details.
Check For Existence of Simple Values in Nested Array Using objectArray:exists()
Check for the existence of simple values in nested array using objectArray:exists() function with array:exists() as filter function