set_has_element
This page explains how to use the set_has_element function in APL.
set_has_element returns true when a dynamic array contains a specific element and false when it does not. Use it to perform fast membership checks on values that you have already aggregated into a set with functions such as make_set.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Splunk SPL users
Splunk SPL users
In Splunk, you usually call in for scalar membership or use multivalue functions such as mvfind for arrays. set_has_element plays the role of those helpers after you build a multivalue field with stats values.
ANSI SQL users
ANSI SQL users
Standard SQL has no built-in array type, but dialects that implement arrays (for example PostgreSQL) use the ANY or member of operators. set_has_element is the APL counterpart and is applied after you build an array with ARRAY_AGG equivalents such as make_set.
Usage
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
set | dynamic | The array to search. |
value | scalar | The element to look for. Accepts long, real, datetime, timespan, string, bool. |
Returns
A bool that is true when value exists in set and false otherwise.
Example
Use set_has_element to determine if a set contains a specific value.
Query
Output
| _time | hasElement |
|---|---|
| May 22, 11:42:52 | true |
List of related functions
- set_difference: Returns elements in the first array that are not in the second. Use it to find exclusions.
- set_union: Returns the union of two or more sets. Use it when you need any element that appears in at least one set instead of every set.