Concatenate Values in Two Fields - Example 2 | LogScale Query Examples

Concatenate Values in Two Fields - Example 2

Concatenate values in two fields into a single value in a new array using the concat() function

Query

logscale

concat([f1, f2], as="combined")

Introduction

The concat() function concatenates (joins) the values of a list of fields into a single value in a new field. The concat() method does not change the existing fields. The new field contains the merge between the concatenated values.

In this example, the concat() function concatenates the values of two fields with different names (f1 and f2) into a single value in a new field.

Step-by-Step

Starting with the source repository events.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0>Augment Data] result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
concat([f1, f2], as="combined")
```
Concatenates the values of the arrays f1 and f2 into a single value in a new array named combined.
Event Result set.

Summary and Results

The query is used to concatenate the values of a list of fields into a single value in a new field. This query is useful in case you want to combine for example first names and last names from two different fields into the full name in a new field, or if you have a list of users and a list of the URLs visited, that you want to combine to see which user navigated which URLs.

Examples Library