Evaluate Arbitrary Expression as Boolean Value

Evaluate an arbitrary expression as a boolean value and filter events when the expression returns true

Query

logscale
test(foo < bar)

Introduction

The test() function is used to evaluate arbitrary expressions as boolean values in a query. Arbitrary expressions are used for various purposes, like performing calculations, making decisions, and defining conditions.

In this example, the test() function evaluates the arbitrary expression foo < bar as a boolean value (true/false) and filters events when the expression returns true.

Step-by-Step

  1. Starting with the source repository events.

  2. Filter function:
    logscale
    test(foo < bar)

    Evaluates if the value of the field foo is less than the value of the field bar.

  3. Event Result set.

Summary and Results

The query evaluates an arbitrary expression as a boolean value and filters events where the expression returns true. The difference between the test() function and the match() function is that test() returns a boolean value and match() returns a string.