Concatenate Object Arrays Into Single Array
Concatenate one or more objects from object arrays into a single array and string
Query
"a[0].foo" := "a"
| "a[0].bar" := "b"
| "a[1].foo" := "c"
| "a[1].bar" := "d"
| objectArray:eval(array="a[]", asArray="output[]", var="x", function={output := x.bar})
| concatArray("output")Introduction
The objectArray:eval() function is a structured
array query function that follows normal array syntax. The array syntax
is similar to the one used by JSON, where
[ and
] are used for indexing and
. for selecting members in
objects. For more information, see Array Syntax. The
objectArray:eval() function operates on arrays of
objects.
In this example, the objectArray:eval() function is
used to extract one object from each element of an array of objects and
then uses concatArray() to create a single string
of the values.
Example incoming data might look like this:
| a[0].foo: a |
|---|
| a[0].bar: b |
| a[1].foo: c |
| a[1].bar: d |
Step-by-Step
Starting with the source repository events.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[\Add Field/] 1[\Add Field/] 2[\Add Field/] result{{Result Set}} repo --> 0 0 --> 1 1 --> 2 2 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
"a[0].foo" := "a" | "a[0].bar" := "b" | "a[1].foo" := "c" | "a[1].bar" := "d" - flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[\Add Field/] 1[\Add Field/] 2[\Add Field/] result{{Result Set}} repo --> 0 0 --> 1 1 --> 2 2 --> result style 1 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
| objectArray:eval(array="a[]", asArray="output[]", var="x", function={output := x.bar})Iterates (creates a loop) over the array
a[]and adds the value of the object.barto a new arrayoutput[]. This is achieved by executing an anonymous function, which sets the value ofoutputto the iterated value ofx.barfroma[].The
asArrayparameter is set to the output[] field, and then when we assign the value of x.bar to this output[] field. - flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[\Add Field/] 1[\Add Field/] 2[\Add Field/] result{{Result Set}} repo --> 0 0 --> 1 1 --> 2 2 --> result style 2 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
| concatArray("output")Concatenates the array values in the output array and returns the result in a new field named _concatArray.
Notice that the
concatArray()function concatenates the elements of the supplied array and returns a string, containing the joined arrays. TheconcatArray()method does not change the existing arrays. Event Result set.
Summary and Results
The query is used to create a single value from compound arrays. This can be useful when you need to generate an identity field from a nested array, for example when summarizing data, or to create compound values from class definitions or IP addresses.
Sample output from the incoming example data:
| a[0].foo | a[0].bar | a[1].foo | a[1].bar | output[0] | output[1] | _concatArray |
|---|---|---|---|---|---|---|
| a | b | c | d | b | d | bd |