Important

This function is considered experimental and under active development and should not be used in production.

The function must be enabled using the feature flag ArrayFunctions. See Enabling/Disabling Features.

This query function checks whether the given value matches any of the values of the array and excludes the event from the search result if it does not match on any value. Capturing groups are currently only supported for numbered back-referencing.

ParameterTypeRequiredDefaultDescription
arraystringtrue The prefix of the array in Humio, for example for events with fields 'incidents[0], incidents[1], ...' this would be 'incidents'.
valuestringtrue The exact value of the array to search for.

Examples

Given events containing an incidents array:

Event 1

humio
|--------------|-------------|
| host         | v1          |
| incidents[0] | Evil Bear   |
| incidents[1] | Cozy Bear   |
|--------------|-------------|

Event 2

humio
|--------------|-------------|
| host         | v15         |
| incidents[0] | Fancy Fly   |
| incidents[1] | Tiny Cat    |
| incidents[2] | Cozy Bears  |
|--------------|-------------|

Find all the events where incidents contains the exact value Cozy Bears and group them by which hosts were affected, giving output event

humio
|--------------|-------------|
| host         | v1          |
| _count       | 1           |
|--------------|-------------|
humio
array:contains(incidents, value="Cozy Bears") |
groupBy(host)