Abstract
Learn more about the Cortex Query Language array_any() function.
Syntax
array_any(<array>, "@element"<operator>"<array element>")
Note
The <operator> can be any of the ones supported, such as = and !=.
Description
The array_any() function returns true when at least 1 element in a particular array matches the condition in the specified array element. Otherwise, the function returns false.
Example
When the dfe_labels array is not empty, use the alter stage to create a new column called x that returns true when at least 1 element in the dfe_labels array is equal to network; otherwise, the function returns false.
dataset = xdr_data
| filter dfe_labels != null
| alter x = array_any(dfe_labels, "@element" = "network")
| fields x, dfe_labels
| limit 100
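The same query with both operators side by side, as an added example that is not part of the original documentation; the column names has_network and has_other and the sample label endpoint are assumptions. Because array_any() is true when at least 1 element satisfies the condition, the != form is true whenever any label differs from network, so a constructed dfe_labels value of ["network", "endpoint"] yields true in both columns.

```xql
dataset = xdr_data
| filter dfe_labels != null
// true when at least 1 label equals "network"
| alter has_network = array_any(dfe_labels, "@element" = "network")
// true when at least 1 label differs from "network"; this is not the negation of has_network
| alter has_other = array_any(dfe_labels, "@element" != "network")
| fields has_network, has_other, dfe_labels
| limit 100
```

To select rows where no label is network, test for has_network being false rather than relying on the != form.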