Check For Existence of Element Using Complex Conditions
Check for the existence of elements using complex conditions in
flat array using array:exists() function with
in() and if()
Query
kvparse()
| array:exists(
array="a[]",
condition=if(in(a, values=[2,5]), then=true, else=in(a, values=[3, 6]))Introduction
The array:exists() function can be used to check
for the existence of an element satisfying a condition expressed as a
pipeline, but it also allows the direct use of other filter functions.
In this example, the array:exists() function is
used with the condition
argument and if() function along with the
in() function to check if given values are in the
array.
The example demonstrates how to use the () function
along with the () function to create a logical
OR-like condition in the expression language. It allows for more complex
filtering logic, when a direct logical OR operator is
not available.
Example incoming data might look like this:
| a[0] | a[1] |
|---|---|
| 1 | 2 |
| 1 | 3 |
| 1 | 4 |
Step-by-Step
Starting with the source repository events.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[\Add Field/] 1[/Filter/] result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
kvparse()Parses the string into key value pairs.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[\Add Field/] 1[/Filter/] result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 1 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
| array:exists( array="a[]", condition=if(in(a, values=[2,5]), then=true, else=in(a, values=[3, 6]))Filters for events where the a[] array contains the values
2or5. If not containing these values, it filters for events where the a[] array contains the values3or6. Event Result set.
Summary and Results
The query is used to check for the existence of simple values in nested arrays.
Sample output from the incoming example data:
| a[0] | a[1] |
|---|---|
| 1 | 2 |
| 1 | 3 |