Skip to main content
The strcat_array function in Axiom Processing Language (APL) allows you to concatenate the elements of an array into a single string, with an optional delimiter separating each element. This function is useful when you need to transform a set of values into a readable or exportable format, such as combining multiple log entries, tracing IDs, or security alerts into a single output for further analysis or reporting.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, concatenation typically involves transforming fields into a string using the eval command with the + operator or mvjoin() for arrays. In APL, strcat_array simplifies array concatenation by natively supporting array input with a delimiter.
In ANSI SQL, concatenation involves functions like STRING_AGG() or manual string building using CONCAT(). APL’s strcat_array is similar to STRING_AGG(), but focuses on array input directly with a customizable delimiter.

Usage

Syntax

Parameters

Returns

A single concatenated string with the array’s elements separated by the specified delimiter.

Use case example

You can use strcat_array to combine HTTP methods and URLs for a quick summary of unique request paths. Query
Run in Playground Output This query summarizes unique HTTP method and URL combinations into a single, readable string.