Combine Values of Multiple Fields

Create a new field by combining values from multiple fields using the format() function

Query

flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 1["Expression"] 2["Expression"] result{{Result Set}} repo --> 1 1 --> 2 2 --> result
logscale
format(format="%s,%s", field=[a, b], as="combined")
table(combined)

Introduction

The format() function can be used to combine values from multiple fields into a single field using a specified format pattern.

In this example, the format() function is used to combine values from two fields a and b into a single field combined using a comma as a separator.

Example incoming data might look like this:

@timestampab
1686048000000000000JohnSmith
1686048001000000000JaneDoe
1686048002000000000BobJohnson
1686048003000000000AliceBrown
1686048004000000000MikeDavis

Step-by-Step

  1. Starting with the source repository events.

  2. flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 1["Expression"] 2["Expression"] result{{Result Set}} repo --> 1 1 --> 2 2 --> result style 1 fill:#ff0000,stroke-width:4px,stroke:#000;
    logscale
    format(format="%s,%s", field=[a, b], as="combined")

    Creates a new field named combined by combining the values from fields a and b using a comma as separator. The format parameter specifies the format string where each %s is replaced with the corresponding field value in the order specified in the field parameter.

  3. flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 1["Expression"] 2["Expression"] result{{Result Set}} repo --> 1 1 --> 2 2 --> result style 2 fill:#ff0000,stroke-width:4px,stroke:#000;
    logscale
    table(combined)

    Displays the results in a table showing only the newly created combined field.

  4. Event Result set.

Summary and Results

The query is used to merge values from multiple fields into a single field using a specified format pattern.

This query is useful, for example, to create concatenated values for reporting, to prepare data for export, or to simplify complex multi-field data structures into a single field.

Sample output from the incoming example data:

combined
John,Smith
Jane,Doe
Bob,Johnson
Alice,Brown
Mike,Davis