array_index_of()

Applies to: ✅ Azure Data ExplorerAzure MonitorMicrosoft Sentinel

Searches an array for the specified item, and returns its position.

Syntax

array_index_of(array, value [, start [, length [, occurence ]]])

Learn more about syntax conventions.

Parameters

Name Type Required Description
array dynamic ✔️ The array to search.
value long, int, datetime, timespan, string, guid, or bool ✔️ The value to lookup.
start int The search start position. A negative value will offset the starting search value from the end of the array by abs(start) steps.
length int The number of values to examine. A value of -1 means unlimited length.
occurrence int The number of the occurrence. The default is 1.

Returns

Returns a zero-based index position of lookup. Returns -1 if the value isn't found in the array. Returns null for irrelevant inputs (occurrence < 0 or length < -1).

Example

The following example shows the position number of specific words within the array.

let arr=dynamic(["this", "is", "an", "example", "an", "example"]);
print
 idx1 = array_index_of(arr,"an")    // lookup found in input string
 , idx2 = array_index_of(arr,"example",1,3) // lookup found in researched range 
 , idx3 = array_index_of(arr,"example",1,2) // search starts from index 1, but stops after 2 values, so lookup can't be found
 , idx4 = array_index_of(arr,"is",2,4) // search starts after occurrence of lookup
 , idx5 = array_index_of(arr,"example",2,-1)  // lookup found
 , idx6 = array_index_of(arr, "an", 1, -1, 2)   // second occurrence found in input range
 , idx7 = array_index_of(arr, "an", 1, -1, 3)   // no third occurrence in input array
 , idx8 = array_index_of(arr, "an", -3)   // negative start index will look at last 3 elements
 , idx9 = array_index_of(arr, "is", -4)   // negative start index will look at last 3 elements

Output

idx1 idx2 idx3 idx4 idx5 idx6 idx7 idx8 idx9
2 3 -1 -1 3 4 -1 4 -1

Use set_has_element(arr, value) to check whether a value exists in an array. This function will improve the readability of your query. Both functions have the same performance.