Check For Existence of Element Larger Than Given Number
Check for the existence of an element larger than a given number in a flat array using array:exists() function
Query
kvparse()
| array:exists(array="a[]", condition={a>2})Introduction
The array:exists() function can be used to check
for the existence of an element satisfying a condition expressed as a
pipeline.
In this example, the array:exists() function is
used with the condition
argument to check if a given value is in the array.
Note
It is recommended to use the array:contains()
function to check for simple values. See
array:contains().
Example incoming data might look like this:
| a[0] | a[1] |
|---|---|
| 1 | 2 |
| 1 | 3 |
| 1 | 4 |
Step-by-Step
Starting with the source repository events.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[\Add Field/] 1[/Filter/] result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
kvparse()Parses the string into key value pairs.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[\Add Field/] 1[/Filter/] result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 1 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
| array:exists(array="a[]", condition={a>2})Filters for events where the a[] array contains a value greater than
2. Event Result set.
Summary and Results
The query is used to check for the existence of simple values in a flat array.
Sample output from the incoming example data:
| a[0] | a[1] |
|---|---|
| 1 | 3 |
| 1 | 4 |