Get the Value of a Field Stored in Another Field

Retrieve values from stored fields using the getField() function

Query

logscale

result := getField("foo")

Introduction

Given an event with the following fields:

|------------------|
| foo      | bar   |
| bar      | 123   |
| foo      | quux  |
|------------------|

Do a "direct" lookup where the result is set to the value that is stored in that field, by quoting the string — it takes expressions as input (similar to eval() and test() functions):

Step-by-Step

Starting with the source repository events.
logscale
```
result := getField("foo")
```
The result is set to the value that is stored in field foo
Event Result set.

Summary and Results

bar	foo	result
123	bar	bar
<no value>	quux	quux

In the same event, using the same query that does not quote the string:

logscale

result := getField(foo)

will get the value of the field which name is stored at foo, so 123 is stored as the result:

bar	foo	result
123	bar	123
<no value>	quux	<no value>

(no result is output for foo=quux as quux does not exist).

Versions of this Page

Examples Library