Document Center

All Products

Document Center

Product Details Download PDF

Value assignment function

Last Updated: Nov 20, 2019

This topic describes the syntax of the value assignment function and provides parameter description and function examples.

e_set

You can call this function to assign new values to fields of an event.

Syntax
```
e_set(Field 1, Value 1, Field  2, Value 2, ..., mode="overwrite")
```
Note
- The Field and Value parameters must appear in pairs.
- When you assign a value to the F_TIME or __time__ field through the e_set function, make sure that the value is a numeric string.
```
e_set(F_TIME, "abc")   # Wrong.
e_set(F_TIME, "12345678")   # Correct.
```

Parameters


Parameter	Type	Required?	Description
Field	String	Yes	The field to which the value is assigned. You can set this parameter to an expression that returns a string. For more information about how to set special field names, see Event structure and fields.
Value	Any type	Yes	The new value for the field. If the value is not a string, it is converted to a string and assigned to the field. A value of the tuple, list, or dictionary type is converted to a JSON string. For more information about the conversion rule, see Automatic type conversion during assignment. Note If the Value parameter is None, the existing value of the field remains unchanged.
mode	String	No	The overwrite mode for the field. Default value: overwrite. For more information, see Field check and overwrite modes.

Response
The updated event is returned.
Examples
- Example 1: Assign a fixed value to a field.
  Add a new field city and assign the value Shanghai to this field.
```
e_set("city", "Shanghai")
```
- Example 2: Extract the value of an existing field and assign the value to another field.
  Call a single expression function to assign the value of the existing field ret to the new field result.
```
e_set("result", v("ret"))
```
- Example 3: Assign a computed value to a field.
  Combine expression functions to obtain the value of the first existing field and assign the value in lowercase to the result field.
```
e_set("result", str_lower(v("ret", "return")))
```
- Example 4: Assign a value to a field multiple times.
  1. Assign a fixed value to the event_type field.
```
e_set("event_type", "login event")
```
  2. Assign the value login failed event to the event_type field if the value of the ret field is fail.
```
e_if(e_search('ret==fail'), e_set("event_type", "login failed event" )
```

How helpful was this page?

What might be the problems?

More suggestions?

Free Trial Free Trial