case_equals
Description
Returns a value based on whether an expression equals one of several specified values.
This function is a shorthand for case expressions with equality (==) logic and helps shorten queries that would otherwise repeat conditional statements.
Note
Like all case statements, case_equals returns the first matching value. The order of clauses is important.
Syntax
Arguments
| Name | Type | Required | Description |
|---|---|---|---|
| e | any | true | The expression to compare against values |
| value | any | true | A value to compare with e |
| result | any | true | The value to return if e equals value |
| _ | any | false | Default value if no values match |
Example
Use case: Flag environments for alerting
Suppose you want to create a field should_alert that is true for environments where alerts should fire and false otherwise. Consider these log documents:
Example data
{
  "cluster_name": "acme-prod-cluster"
},
{
  "cluster_name": "acme-dev-cluster"
},
{
  "cluster_name": "acme-stg-cluster"
}
Example query
create should_alert from
  case_equals {
    $d.cluster_name,
    'acme-prod-cluster' -> true,
    'acme-dev-cluster' -> false,
    'acme-stg-cluster' -> true,
    _ -> false
  }
Example output
{
  "cluster_name": "acme-prod-cluster",
  "should_alert": true
},
{
  "cluster_name": "acme-dev-cluster",
  "should_alert": false
},
{
  "cluster_name": "acme-stg-cluster",
  "should_alert": true
}
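The first-match rule from the Note, modelled in Python as an added illustration (not the query language's own code or syntax): it reports clauses that can never match because an earlier clause has the same value, and counts field values that only the `_` default handles. The duplicate clause, the `acme-prod-eu-cluster` document, the helper names, and returning `None` when no default is given are assumptions of this sketch.

```python
from collections import Counter

def case_equals(e, clauses, default=None):
    """Model of case_equals: result of the first clause whose value equals e.

    default stands in for the `_` clause; None when it is omitted is an
    assumption of this sketch, not documented behaviour.
    """
    for value, result in clauses:
        if e == value:
            return result
    return default

def audit_clauses(clauses, docs, field):
    """Find dead clauses and field values that only the default handles."""
    seen, shadowed = set(), []
    for index, (value, _result) in enumerate(clauses):
        if value in seen:          # an earlier clause already wins for this value
            shadowed.append(index)
        seen.add(value)
    fallthrough = Counter(d.get(field) for d in docs if d.get(field) not in seen)
    return shadowed, dict(fallthrough)

# Clauses from the example query, plus one constructed duplicate at the end.
CLAUSES = [
    ("acme-prod-cluster", True),
    ("acme-dev-cluster", False),
    ("acme-stg-cluster", True),
    ("acme-prod-cluster", False),   # constructed: never reached
]
# Documents from the example data, plus one constructed unlisted cluster.
DOCS = [
    {"cluster_name": "acme-prod-cluster"},
    {"cluster_name": "acme-dev-cluster"},
    {"cluster_name": "acme-stg-cluster"},
    {"cluster_name": "acme-prod-eu-cluster"},  # constructed
]

def run_example():
    """Return (should_alert per document, shadowed clause indexes, default hits)."""
    flags = [case_equals(d["cluster_name"], CLAUSES, default=False) for d in DOCS]
    shadowed, fallthrough = audit_clauses(CLAUSES, DOCS, "cluster_name")
    return flags, shadowed, fallthrough

if __name__ == "__main__":
    print(run_example())
```

The last flag is false: with `_ -> false`, a cluster missing from the clause list gets should_alert false without any error.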