On April 3, 2023, Splunk Data Stream Processor will reach its end of sale, and will reach its end of life on February 28, 2025. If you are an existing DSP customer, please reach out to your account team for more information.
This documentation does not apply to the most recent version of Splunk® Data Stream Processor.
For documentation on the most recent version, go to the latest release.
For Each (map)
Applies a mapper function to each event in a stream and returns a record. Use this function to edit an existing field, like a field in attributes. You can also use For Each to put a new field in a map object, like attributes as well. The API function name of For Each is map.
- Function Input
collection<record<R>>- This function takes in collections of records with schema R.
- Function Output
collection<record<S>>- This function outputs the same collection of records but with a different schema S.
Arguments
| Argument | Input | Description | UI example |
|---|---|---|---|
| mapper | expression<record<S>> | Applies a mapper scalar function to each record. Unlike Eval, the For Each function is not variadic and only accepts one mapper scalar function as an argument. If you put more than one mapper function, an error is thrown. | map-put("attributes", "index", "metrics");
|
DSL example
In a map object field, like attributes, set the key "index" to value "metrics":
map(input, map-put("attributes", "index", "metrics"));
Last modified on 02 January, 2020
| Filter | Group |
This documentation applies to the following versions of Splunk® Data Stream Processor: 1.0.1
Download manual
Feedback submitted, thanks!