Axiom Docs

Use the array_reverse function in APL to reverse the order of elements in an array. This function is useful when you need to transform data where the sequence matters, such as reversing a list of events for chronological analysis or processing lists in descending order.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Splunk SPL users

In Splunk, reversing an array is not a built-in function, so you typically manipulate the data manually or use workarounds. In APL, array_reverse simplifies this process by reversing the array directly.

# SPL does not have a direct array_reverse equivalent.

ANSI SQL users

Standard ANSI SQL lacks an explicit function to reverse an array; you generally need to create a custom solution. APL’s array_reverse makes reversing an array straightforward.

-- ANSI SQL lacks a built-in array reverse function.

Usage

Syntax

array_reverse(array_expression)

Parameters

array_expression: The array you want to reverse. This array must be of a dynamic type.

Returns

Returns the input array with its elements in reverse order.

Use case examples

Use array_reverse to inspect the sequence of actions in log entries, reversing the order to understand the initial steps of a user’s session.

Query

['sample-http-logs']
| summarize paths = make_list(uri) by id
| project id, reversed_paths = array_reverse(paths)

Run in Playground

Output

id	reversed_paths
U1234	[‘/home’, ‘/cart’, ‘/product’, ’/‘]
U5678	[‘/login’, ‘/search’, ’/’]

This example identifies a user’s navigation sequence in reverse, showing their entry point into the system.

Use array_reverse to inspect the sequence of actions in log entries, reversing the order to understand the initial steps of a user’s session.

Query

['sample-http-logs']
| summarize paths = make_list(uri) by id
| project id, reversed_paths = array_reverse(paths)

Run in Playground

Output

id	reversed_paths
U1234	[‘/home’, ‘/cart’, ‘/product’, ’/‘]
U5678	[‘/login’, ‘/search’, ’/’]

This example identifies a user’s navigation sequence in reverse, showing their entry point into the system.

Use array_reverse to analyze trace data by reversing the sequence of span events for each trace, allowing you to trace back the sequence of service calls.

Query

['otel-demo-traces']
| summarize spans = make_list(span_id) by trace_id
| project trace_id, reversed_spans = array_reverse(spans)

Run in Playground

Output

trace_id	reversed_spans
T12345	[‘S4’, ‘S3’, ‘S2’, ‘S1’]
T67890	[‘S7’, ‘S6’, ‘S5’]

This example reveals the order in which service calls were made in a trace, but in reverse, aiding in backtracking issues.

Apply array_reverse to examine security events, like login attempts or permission checks, in reverse order to identify unusual access patterns or last actions.

Query

['sample-http-logs']
| where status == '403'
| summarize blocked_uris = make_list(uri) by id
| project id, reversed_blocked_uris = array_reverse(blocked_uris)

Run in Playground

Output

id	reversed_blocked_uris
U1234	[‘/admin’, ‘/settings’, ‘/login’]
U5678	[‘/account’, ‘/dashboard’, ‘/login’]

This example helps identify the sequence of unauthorized access attempts by each user.

array_length: Returns the number of elements in an array.
array_shift_right: Shifts array elements to the right.
array_shift_left: Shifts array elements one position to the left, moving the first element to the last position.

Get started

Functions

Operators

Reference

Migration

array_reverse

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

Get started

Functions

Operators

Reference

Migration

​For users of other query languages

​Usage

​Syntax

​Parameters

​Returns

​Use case examples

​List of related functions

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

List of related functions