The array_concat function in APL (Axiom Processing Language) concatenates two or more arrays into a single array. Use this function when you need to merge multiple arrays into a single array structure. It’s particularly useful for situations where you need to handle and combine collections of elements across different fields or sources, such as log entries, OpenTelemetry trace data, or security logs.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In SPL, you typically use the mvappend function to concatenate multiple fields or arrays into a single array. In APL, the equivalent is array_concat, which also combines arrays but requires you to specify each array as a parameter.
| eval combined_array = mvappend(array1, array2, array3)
ANSI SQL doesn’t natively support an array concatenation function across different arrays. Instead, you typically use UNION to combine results from multiple arrays or collections. In APL, array_concat allows you to directly concatenate multiple arrays, providing a more straightforward approach.
SELECT array1 UNION ALL array2 UNION ALL array3

Usage

Syntax

array_concat(array1, array2, ...)

Parameters

  • array1: The first array to concatenate.
  • array2: The second array to concatenate.
  • ...: Additional arrays to concatenate.

Returns

An array containing all elements from the input arrays in the order they are provided.

Use case examples

In log analysis, you can use array_concat to merge collections of user requests into a single array to analyze request patterns across different endpoints.Query
['sample-http-logs']
| take 50
| summarize combined_requests = array_concat(pack_array(uri), pack_array(method))
Run in PlaygroundOutput
_timeurimethodcombined_requests
2024-10-28T12:30:00/api/v1/textdata/cnfigsPOST[“/api/v1/textdata/cnfigs”, “POST”]
This example concatenates the uri and method values into a single array for each log entry, allowing for combined analysis of access patterns and request methods in log data.