Abstract
Learn more about the Cortex Query Language array_all() function.
Syntax
array_all(<array>, "@element"<operator>"<array element>")
Note
The <operator> can be any supported operator, such as = and !=.
Description
The array_all() function returns true when every element in the specified array satisfies the condition defined for "@element". Otherwise, the function returns false.
Example
When the dfe_labels array is not empty, use the alter stage to create a new column called x that returns true when all the elements in the dfe_labels array are equal to network; otherwise, the function returns false.
dataset = xdr_data
| filter dfe_labels != null
| alter x = array_all(dfe_labels, "@element" = "network")
| fields x, dfe_labels
| limit 100
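The following query is an added example, not part of the original page. It applies both the = and != operators from the Note to the same array to isolate rows whose dfe_labels mix network with other values, which shows that a != condition is not the negation of an = condition. The column names all_network and none_network are assumptions chosen for illustration; the dataset and the dfe_labels field come from the example above.

```xql
// Added example: column names all_network and none_network are illustrative.
dataset = xdr_data
| filter dfe_labels != null
// true only when every label equals "network"
| alter all_network = array_all(dfe_labels, "@element" = "network"),
// true only when no label equals "network"
        none_network = array_all(dfe_labels, "@element" != "network")
// Both false: the array holds "network" together with at least one other label
| filter all_network = false and none_network = false
| fields dfe_labels, all_network, none_network
| limit 100
```

To select arrays that contain at least one non-network label, filter on all_network = false rather than on none_network = true, which matches only arrays with no network label at all.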