The array_concat function in APL (Axiom Processing Language) concatenates two or more arrays into a single array. Use this function when you need to merge multiple arrays into a single array structure. It’s particularly useful for situations where you need to handle and combine collections of elements across different fields or sources, such as log entries, OpenTelemetry trace data, or security logs.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

array_concat(array1, array2, ...)

Parameters

  • array1: The first array to concatenate.
  • array2: The second array to concatenate.
  • ...: Additional arrays to concatenate.

Returns

An array containing all elements from the input arrays in the order they are provided.

Use case examples

In log analysis, you can use array_concat to merge collections of user requests into a single array to analyze request patterns across different endpoints.Query
['sample-http-logs']
| take 50
| summarize combined_requests = array_concat(pack_array(uri), pack_array(method))
Run in PlaygroundOutput
_timeurimethodcombined_requests
2024-10-28T12:30:00/api/v1/textdata/cnfigsPOST[“/api/v1/textdata/cnfigs”, “POST”]
This example concatenates the uri and method values into a single array for each log entry, allowing for combined analysis of access patterns and request methods in log data.