setIntersection - The intersection of two arrays
setIntersection
returns the intersection of the two arrays.
NOTE: Both arrays are treated as Sets which means
- Duplicates are removed from both arrays
- Order is not preserved in the resulting array
null
is treated as an empty set.
Syntax
Arguments
Name | Type | Required | Description |
---|---|---|---|
array1 | array of type T | true | T must be either string , bool , number , interval , timestamp , regexp or enum |
array2 | array of type T | true | T must be either string , bool , number , interval , timestamp , regexp or enum |
Example - Comparing IPs to a block list
Consider the following documents:
{
"ip_address": "156.76.87.4",
"path": "/home"
},
{
"ip_address": "156.76.87.4",
"path": "/checkout"
},
{
"ip_address": "156.76.12.4",
"path": "/home"
},
{
"ip_address": "156.76.1.4",
"path": "/home"
}
We want to see if any of the IP addresses listed in the above traffic, are in a block list. First, we'll use a collect
aggregation to create a new array.
This results in the following documents:
{
"path": "/home",
"ip_addresses": ["156.76.87.4", "156.76.12.4", "156.74.1.4"]
},
{
"path": "/checkout",
"ip_addresses": ["156.76.87.4"]
}
We now know which IP addresses accessed which paths. We can now compare them against our known block list:
This results in the following documents:
{
"path": "/home",
"ip_addresses": ["156.76.87.4", "156.76.12.4", "156.74.1.4"],
"unauthorized_ip_addresses": ["156.76.87.4", "156.76.12.4"]
},
{
"path": "/checkout",
"ip_addresses": ["156.76.87.4"],
"unauthorized_ip_addresses": []
}
As we can see, the path value /home
has been accesed by two IP addresses that are present on our block list.
Theme
Light