Axiom Docs

Use the pack_dictionary function in APL to construct a dynamic property bag (dictionary) from a list of keys and values. The resulting dictionary maps each specified key to its corresponding value and allows you to store key-value pairs in a single column for downstream operations like serialization, custom grouping, or structured export. pack_dictionary is especially useful when you want to:

Create flexible data structures for export or transformation.
Group dynamic sets of key-value metrics or attributes into a single column.
Combine multiple scalar fields into a single dictionary for post-processing or output.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Splunk SPL users

While SPL doesn’t have a direct equivalent of pack_dictionary, you can simulate similar behavior using the eval command and mvzip or mvmap to construct composite objects. In APL, pack_dictionary is a simpler and more declarative way to produce key-value structures inline.

| eval dict=mvmap("key1", value1, "key2", value2)

ANSI SQL users

ANSI SQL lacks built-in support for dynamic dictionaries. You typically achieve similar functionality by manually assembling JSON strings or using vendor-specific extensions (like PostgreSQL’s jsonb_build_object). In contrast, APL provides a native and type-safe way to construct dictionaries using pack_dictionary.

SELECT '{"key1":' || value1 || ',"key2":' || value2 || '}' AS dict FROM my_table;

Usage

Syntax

pack_dictionary(key1, value1, key2, value2, ...)

Parameters

Name	Type	Description
keyN	`string`	A constant string that represents a dictionary key.
valueN	`scalar`	A scalar value to associate with the corresponding key.

The number of arguments must be even.
Keys must be constant strings.
Values can be any scalar type.

Returns

A dynamic object that represents a dictionary where each key maps to its associated value.

Use case examples

Use pack_dictionary to store request metadata in a compact format for structured inspection or export.Query

['sample-http-logs']
| extend request_info = pack_dictionary(
    'method', method,
    'uri', uri,
    'status', status,
    'duration', req_duration_ms
)
| project _time, id, request_info

Run in PlaygroundOutput

_time	id	request_info
2025-06-18T14:35:00Z	user42	`{ "method": "GET", "uri": "/home", "status": "200", "duration": 82 }`

This example creates a single request_info column that contains key HTTP request data as a dictionary, simplifying downstream analysis or visualization.

pack_array: Use this to combine scalar values into an array. Use pack_array when you don’t need named keys and want positional data instead.
bag_keys: Returns the list of keys in a dynamic dictionary. Use this to inspect or filter contents created by pack_dictionary.
bag_pack: Expands a dictionary into multiple columns. Use it to revert the packing performed by pack_dictionary.

Get started

Functions

Operators

Reference

Migration

pack_dictionary

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

Get started

Functions

Operators

Reference

Migration

​For users of other query languages

​Usage

​Syntax

​Parameters

​Returns

​Use case examples

​List of related functions

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

List of related functions