case_contains
Description
Returns a value based on whether a string contains one of several specified substrings.
This function is a shorthand for case expressions with contains logic and helps shorten queries that would otherwise repeat conditional statements.
Note
Like all case statements, case_contains returns the first matching value. The order of clauses is important.
Syntax
case_contains {
s: string,
substring1 -> result1,
substring2 -> result2,
...
substringN -> resultN,
_ -> default
}
Arguments
| Name | Type | Required | Description |
|---|---|---|---|
| s | string | true | The string to check for substrings |
| substring | string | true | A substring to search for within s |
| result | any | true | The value to return if the substring is found |
| _ | any | false | Default value if no substrings match |
Example
Use case: Map cluster names to environment names
Suppose you want to convert subsystem metadata into full environment names. Consider these log documents:
Example data
{
"cluster_name": "acme-prod-cluster"
},
{
"cluster_name": "acme-dev-cluster"
},
{
"cluster_name": "acme-stg-cluster"
}
Example query
create environment_name from
case_contains {
$d.cluster_name,
'-prod-' -> 'production',
'-dev-' -> 'development',
'-stg-' -> 'staging',
_ -> 'test'
}
Example output
{
"cluster_name": "acme-prod-cluster",
"environment_name": "production"
},
{
"cluster_name": "acme-dev-cluster",
"environment_name": "development"
},
{
"cluster_name": "acme-stg-cluster",
"environment_name": "staging"
}
Theme
Light