Iterator

The following scalar functions operate on an iterator. Use these functions to process or transform elements of a list.

filter(iterator, predicate)

Filters elements of the iterator based on the boolean expression predicate. You must use this function in conjunction with the iterator scalar function, as shown in the example.

Function Input

iterator: The function that defines the list to filter

predicate: expression<boolean>. If this returns true, the value is kept. If false, it is discarded.

Function Output

collection<T>

This function outputs a list of type T, where T is the element type of the iterator.

SPL2 example

If the incoming record has a field called list containing the values [1, 2, 3, 4], return a new list in results with the list [1, 2].

When working in the SPL View, you can write the function by using the following syntax.

...| eval results=filter(iterator(list, "x"), cast(x, "integer")<3);

Alternatively, you can use named arguments to list the arguments in any order.

...| eval results=filter(predicate: cast(x, "integer") < 3, iterator: iterator(list, "x"));

for_each(iterator, function)

For each element of iterator, evaluate expression function and return a new list containing the results. You must use this function in conjunction with the iterator scalar function, as shown in the example.

Function Input

iterator: The function that defines the list to transform.

function: The function to apply to each element in the iteration.

Function Output

collection<R>

This function outputs a list of type R, where R is the element type of the iterator or the data type associated with the mapper function.

1. SPL2 example

If the incoming record has a field called string_list containing the values ["a","b","c"], outputs a new list where each element of the list is prepended with foo_: ["foo_a", "foo_b", "foo_c"].

When working in the SPL View, you can write the function by using the following syntax.

...| eval string_results=for_each(iterator(string_list, "x"), concat(["foo_", x]));

2. SPL2 example

If the input record has a field called list containing the values [1,2,3] and the list type is long, then the following example adds 100 to each value and puts the new list [101, 102, 103] in a new field called results.

When working in the SPL View, you can write the function by using the following syntax.

... | eval results=for_each(iterator(list, "numval"), add(cast(100, "long"), cast(numval, "long")));

3. SPL2 example

This example adds two new key-value pairs type and unit to the metrics map. If the incoming records have a body containing a list of metric maps such as Record{"body"=[{"name"="abc", "value"=123}, {"name"="xyz", "value"=789}]} , then the following example adds type and unit to the metrics map Record{"body"=[{"name"="abc", "unit"="percent", "type"="g", "value"=123}, {"name"="xyz", "unit"="percent", "type"="g", "value"=789}]}.

When working in the SPL View, you can write the function by using the following syntax.

...| eval body=for_each(iterator(map_list, "x"), map_set(x, ["type", "g", "unit", "percent"]));

4. SPL2 example

Alternatively, you can use named arguments to list the arguments in any order.

...| eval string_results=for_each(function: concat(["foo_", x]), iterator: iterator(string_list, "x"));

iterator(input, fieldname)

Iterates through a list input and temporarily assigns each element in list input as fieldname. You must use this function in combination with the for_each or filter scalar functions.

Function Input

input: collection<R>

fieldname: string

Function Output

list of any type T

SPL2 example

Prepends "foo_" to each element of string_list.

When working in the SPL View, you can write the function by using the following syntax.

...| eval string_results=for_each(iterator(string_list, "x"), concat(["foo_", x]));

Alternatively, you can use named arguments to list the arguments in any order.

...| eval string_results=for_each(iterator(fieldname: "x", input: string_list), concat(["foo_", x]));