Important
This function is considered experimental and under active development and should not be used in production.
The function must be enabled using the feature flag
ArrayFunctions. See
Enabling/Disabling Features.
Drops entries from the input array using the given filtering function.
The order is maintained in the output array. The name of the output array cannot be the same as the input array.
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
array | string | true | The prefix of the array in Humio, for example for events with fields 'incidents[0], incidents[1], ...' this would be 'incidents'. [a] | |
as | string | false | The output array; cannot be the same as the input array. | |
function | Non-aggregate function | true | The function to use for filtering events in the array. | |
var | string | true | The function argument name | |
Examples
Given an array of three events retrieve those where the address starts with "ba":
logscale
mailto[0]=foo@example.com
mailto[1]=bar@example.com
mailto[2]=baz@example.comQuery function:
logscale
array:filter(mailto, var="addr", function={addr=ba*@example.com}, as=out)Expected output:
logscale
out[0]=bar@example.com
out[1]=baz@example.com