Arbiter Built-in Functions¶

`append`¶

Function description: Appends a value to a list.

Function parameters:

li: The list to append to.
v: The value to append.

Function return value:

list: The list with the appended value.

Function example:

Example 0:

Script content:

v = [1, 2, 3]
v = append(v, 4)
printf("%v", v)

Standard output:

[1,2,3,4]

Example 1:

Script content:

v = [1, 2, 3]
v = append(v, "a", 1.1)
printf("%v", v)

Standard output:

[1,2,3,"a",1.1]

`b64dec`¶

Function prototype: fn b64dec(data: str) -> (str, bool)

Function description: Base64 decoding.

Function parameters:

data: Data that needs to be base64 decoded.

Function return value:

str: The decoded string.
bool: Whether decoding is successful.

Function example:

Example 0:

Script content:

v = "aGVsbG8sIHdvcmxk"
v, ok = b64dec(v)
if ok {
    printf("%v", v)
}

Standard output:

hello, world

`b64enc`¶

Function prototype: fn b64enc(data: str) -> (str, bool)

Function description: Base64 encoding.

Function parameters:

data: Data that needs to be base64 encoded.

Function return value:

str: The encoded string.
bool: Whether encoding is successful.

Function example:

Example 0:

Script content:

v = "hello, world"
v = b64enc(v)
printf("%v", v)

Standard output:

aGVsbG8sIHdvcmxk

`cast`¶

Function prototype: fn cast(val: bool|int|float|str, typ: str) -> bool|int|float|str

Function description: Convert the value to the target type.

Function parameters:

val: The value of the type to be converted.
typ: Target type. One of (bool, int, float, str).

Function return value:

bool|int|float|str: The value after the conversion.

Function example:

Example 0:

Script content:

v1 = "1.1"
v2 = "1"
v2_1 = "-1"
v3 = "true"

printf("%v; %v; %v; %v; %v; %v; %v; %v\n",
    cast(v1, "float") + 1,
    cast(v2, "int") + 1,
    cast(v2_1, "int"),
    cast(v3, "bool") + 1,

    cast(cast(v3, "bool") - 1, "bool"),
    cast(1.1, "str"),
    cast(1.1, "int"),
    cast(1.1, "bool")
)

Standard output:

2.1; 2; -1; 2; false; 1.1; 1; true

`cidr`¶

Function prototype: fn cidr(ip: str, mask: str) -> bool

Function description: Check the IP whether in CIDR block

Function parameters:

ip: The ip address
mask: The CIDR mask

Function return value:

bool: Whether the IP is in CIDR block

Function example:

Example 0:

Script content:

ip = "192.0.2.233"
if cidr(ip, "192.0.2.1/24") {
    printf("%s", ip)
}

Standard output:

192.0.2.233

Example 1:

Script content:

ip = "192.0.2.233"
if cidr(mask="192.0.1.1/24", ip=ip) {
    printf("%s", ip)
}

Standard output:

`delete`¶

Function prototype: fn delete(m: map, key: str)

Function description: Delete key from the map.

Function parameters:

m: The map for deleting key
key: Key need delete from map.

Function example:

Example 0:

Script content:

v = {
    "k1": 123,
    "k2": {
        "a": 1,
        "b": 2,
    },
    "k3": [{
        "c": 1.1, 
        "d":"2.1",
    }]
}
delete(v["k2"], "a")
delete(v["k3"][0], "d")
printf("result group 1: %v; %v\n", v["k2"], v["k3"])

v1 = {"a":1}
v2 = {"b":1}
delete(key="a", m=v1)
delete(m=v2, key="b")
printf("result group 2: %v; %v\n", v1, v2)

Standard output:

result group 1: {"b":2}; [{"c":1.1}]
result group 2: {}; {}

`dql`¶

Function prototype: fn dql(query: str, qtype: str = "dql", limit: int = 2000, offset: int = 0, slimit: int = 2000, time_range: list = []) -> map

Function description: Query data from the TrueWatch using dql or promql.

Function parameters:

query: DQL or PromQL query statements.
qtype: Query language, One of dql or promql, default is dql.
limit: Query limit.
offset: Query offset.
slimit: Query slimit.
time_range: Query timestamp range, the default value can be modified externally by the script caller.

Function return value:

map: Query response.

Function example:

Example 0:

Script content:

v = dql("M::cpu limit 2 slimit 2")
v, ok = dump_json(v, "    ")
if ok {
    printf("%v", v)
}

Standard output:

{
    "series": [
        [
            {
                "columns": {
                    "time": 1744866108991,
                    "total": 7.18078381,
                    "user": 4.77876106
                },
                "tags": {
                    "cpu": "cpu-total",
                    "truewatch": "testing",
                    "host": "172.16.241.111",
                    "host_ip": "172.16.241.111",
                    "name": "cpu",
                    "project": "cloudcare-testing"
                }
            },
            {
                "columns": {
                    "time": 1744866103991,
                    "total": 10.37376049,
                    "user": 7.17009916
                },
                "tags": {
                    "cpu": "cpu-total",
                    "truewatch": "testing",
                    "host": "172.16.241.111",
                    "host_ip": "172.16.241.111",
                    "name": "cpu",
                    "project": "cloudcare-testing"
                }
            }
        ],
        [
            {
                "columns": {
                    "time": 1744866107975,
                    "total": 21.75562864,
                    "user": 5.69187959
                },
                "tags": {
                    "cpu": "cpu-total",
                    "truewatch": "testing",
                    "host": "172.16.242.112",
                    "host_ip": "172.16.242.112",
                    "name": "cpu",
                    "project": "cloudcare-testing"
                }
            },
            {
                "columns": {
                    "time": 1744866102975,
                    "total": 16.59466328,
                    "user": 5.28589581
                },
                "tags": {
                    "cpu": "cpu-total",
                    "truewatch": "testing",
                    "host": "172.16.242.112",
                    "host_ip": "172.16.242.112",
                    "name": "cpu",
                    "project": "cloudcare-testing"
                }
            }
        ]
    ],
    "status_code": 200
}

`dql_series_get`¶

Function prototype: fn dql_series_get(series: map, name: str) -> list

Function description: get series data

Function parameters:

series: dql query result
name: column or tag name

Function return value:

list: specified column or tag value for the series

Function example:

Example 0:

Script content:

v = dql("M::cpu limit 2 slimit 2") 

hostLi = dql_series_get(v, "host")
time_li = dql_series_get(v, "time")

printf("%v", {"host": hostLi, "time": time_li})

Standard output:

{"host":[["172.16.241.111","172.16.241.111"],["172.16.242.112","172.16.242.112"]],"time":[[1744866108991,1744866103991],[1744866107975,1744866102975]]}

`dql_timerange_get`¶

Function prototype: fn dql_timerange_get() -> list

Function description: Get the time range of the DQL query, which is passed in by the script caller or defaults to the last 15 minutes.

Function return value:

list: The time range. For example, [1744214400000, 1744218000000], the timestamp precision is milliseconds

Function example:

Example 0:

Script content:

val = dql_timerange_get()
printf("%v", val)

Standard output:

[1672531500000,1672532100000]

Example 1:

Script content:

val = dql_timerange_get()
printf("%v", val)

Standard output:

[1672531200000,1672532100000]

`dump_json`¶

Function prototype: fn dump_json(v: str, indent: str = "") -> (str, bool)

Function description: Returns the JSON encoding of v.

Function parameters:

v: Object to encode.
indent: Indentation prefix.

Function return value:

str: JSON encoding of v.
bool: Whether decoding is successful.

Function example:

Example 0:

Script content:

v = {"a": 1, "b": 2.1}
v, ok = dump_json(v)
if ok {
    printf("%v", v)
}

Standard output:

{"a":1,"b":2.1}

Example 1:

Script content:

v = {"a": 1, "b": 2.1}
v, ok = dump_json(v, "  ")
if ok {
    printf("%v", v)
}

Standard output:

{
  "a": 1,
  "b": 2.1
}

`exit`¶

Function prototype: fn exit()

Function description: Exit the program

Function example:

Example 0:

Script content:

printf("1\n")
printf("2\n")
exit()
printf("3\n")

Standard output:

1
2

`format_int`¶

Function prototype: fn format_int(val: int, base: int) -> str

Function description: Formats an integer into a string.

Function parameters:

val: The integer to format.
base: The base to use for formatting. Must be between 2 and 36.

Function return value:

str: The formatted string.

Function example:

Example 0:

Script content:

v = format_int(16, 16)
printf("%s", v)

Standard output:

`geoip`¶

Function prototype: fn geoip(ip: str) -> map

Function description: GeoIP

Function parameters:

ip: IP address.

Function return value:

map: IP geographical information.

Function example:

Example 0:

Script content:

v = geoip("127.0.0.1")
printf("%v", v)

Standard output:

{"city":"","country":"","isp":"unknown","province":""}

Example 1:

Script content:

ip_addr = "114.114.114.114"
v, ok = dump_json(geoip(ip_addr), "    ");
if ok {
    printf("%v", v)
}

Standard output:

 {
    "city": "Ji'an",
    "country": "CN",
    "isp": "chinanet",
    "province": "Jiangxi"
}

`gjson`¶

Function description: GJSON provides a fast and easy way to get values from a JSON document.

Function parameters:

input: JSON format string to parse.
json_path: JSON path.

Function return value:

bool|int|float|str|list|map: Parsed result.
bool: Parsed status.

Function example:

Example 0:

Script content:

v='''{
    "name": {"first": "Tom", "last": "Anderson"},
    "age": 37,
    "children": ["Sara","Alex","Jack"],
    "fav.movie": "Deer Hunter",
    "friends": [
        {"first": "Dale", "last": "Murphy", "age": 44, "nets": ["ig", "fb", "tw"]},
        {"first": "Roger", "last": "Craig", "age": 68, "nets": ["fb", "tw"]},
        {"first": "Jane", "last": "Murphy", "age": 47, "nets": ["ig", "tw"]}
    ]
}'''
age, ok = gjson(v, "age")
if ok {
    printf("%.0f", age)
} else {
    printf("not found")
}

Standard output:

Example 1:

Script content:

v='''{
    "name": {"first": "Tom", "last": "Anderson"},
    "age": 37,
    "children": ["Sara","Alex","Jack"],
    "fav.movie": "Deer Hunter",
    "friends": [
        {"first": "Dale", "last": "Murphy", "age": 44, "nets": ["ig", "fb", "tw"]},
        {"first": "Roger", "last": "Craig", "age": 68, "nets": ["fb", "tw"]},
        {"first": "Jane", "last": "Murphy", "age": 47, "nets": ["ig", "tw"]}
    ]
}'''
name, ok = gjson(v, "name")
printf("%v", name)

Standard output:

{"first": "Tom", "last": "Anderson"}

Example 2:

Script content:

v='''[
    {"first": "Dale", "last": "Murphy", "age": 44, "nets": ["ig", "fb", "tw"]},
    {"first": "Roger", "last": "Craig", "age": 68, "nets": ["fb", "tw"]},
    {"first": "Jane", "last": "Murphy", "age": 47, "nets": ["ig", "tw"]}
]'''
net, ok = gjson(v, "0.nets.2")
printf("%v", net)

Standard output:

tw

`grok`¶

Function prototype: fn grok(input: str, pattern: str, extra_patterns: map = {}, trim_space: bool = true) -> (map, bool)

Function description: Extracts data from a string using a Grok pattern. Grok is based on regular expression syntax, and using regular (named) capture groups in a pattern is equivalent to using a pattern in a pattern. A valid regular expression is also a valid Grok pattern.

Function parameters:

input: The input string used to extract data.
pattern: The pattern used to extract data.
extra_patterns: Additional patterns for parsing patterns.
trim_space: Whether to trim leading and trailing spaces from the parsed value.

Function return value:

map: The parsed result.
bool: Whether the parsing was successful.

Function example:

Example 0:

Script content:

app_log="2021-01-11T17:43:51.887+0800  DEBUG io  io/io.go:458  post cost 6.87021ms"

# Use built-in patterns, named capture groups, custom patterns, extract fields;
# convert the type of the extracted field by specifying the type.
v, ok = grok(
    app_log,
    "%{TIMESTAMP_ISO8601:log_time}\\s+(?P<log_level>[a-zA-Z]+)\\s+%{WORD}\\s+%{log_code_pos_pattern:log_code_pos}.*\\s%{NUMBER:log_cost:float}ms", 
    {
        "log_code_pos_pattern": "[a-zA-Z0-9/\\.]+:\\d+", 
    }
)

if ok {
    v, ok = dump_json(v, "  ")
    if ok {
        printf("%v", v)
    }
}

Standard output:

{
  "log_code_pos": "io/io.go:458",
  "log_cost": 6.87021,
  "log_level": "DEBUG",
  "log_time": "2021-01-11T17:43:51.887+0800"
}

`hash`¶

Function prototype: fn hash(text: str, method: str) -> str

Function description:

Function parameters:

text: The string used to calculate the hash.
method: Hash Algorithms, allowing values including md5, sha1, sha256, sha512.

Function return value:

str: The hash value.

Function example:

Example 0:

Script content:

printf("%v", hash("abc", "md5"))

Standard output:

900150983cd24fb0d6963f7d28e17f72

Example 1:

Script content:

printf("%v", hash("abc", "sha1"))

Standard output:

a9993e364706816aba3e25717850c26c9cd0d89d

Example 2:

Script content:

printf("%v", hash("abc", "sha256"))

Standard output:

ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

Example 3:

Script content:

printf("%v", hash("abc", "sha512"))

Standard output:

ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f

Example 4:

Script content:
```
printf("%v", hash("abc", "xx"))
```
Standard output:

`http_request`¶

Function prototype: fn http_request(method: str, url: str, body: bool|int|float|str|list|map = nil, headers: map = {}) -> map

Function description: Used to send http request.

Function parameters:

method: HTTP request method
url: HTTP request url
body: HTTP request body
headers: HTTP request headers

Function return value:

map: HTTP response

Function example:

Example 0:

Script content:

resp = http_request("GET", "http://test-domain/test")
delete(resp["headers"], "Date")
resp_str, ok = dump_json(resp, "    ")
printf("%s", resp_str)

Standard output:

{
    "body": "{\"code\":200, \"message\":\"success\"}",
    "headers": {
        "Content-Length": "33",
        "Content-Type": "application/json"
    },
    "status_code": 200
}

Example 1:

Script content:

resp = http_request("GET", "http://localhost:80/test")

# Usually, access to private IPs will be blocked,
# you need to contact the administrator.

resp_str, ok = dump_json(resp, "    ")
printf("%s", resp_str)

Standard output:

{
    "error": "Get \"http://localhost:80/test\": resolved IP 127.0.0.1 is blocked"
}

`len`¶

Function prototype: fn len(val: map|list|str) -> int

Function description: Get the length of the value. If the value is a string, returns the length of the string. If the value is a list or map, returns the length of the list or map.

Function parameters:

val: The value to get the length of.

Function return value:

int: The length of the value.

Function example:

Example 0:

Script content:
```
printf("%v", len("abc"))
```
Standard output:
```
3
```
Example 1:

Script content:
```
printf("%v", len([1, 2, 3]))
```
Standard output:
```
3
```

Example 2:

Script content:

printf("%v", len({"a": 1, "b": 2, "c": 3}))

Standard output:

`load_json`¶

Function description: Unmarshal json string

Function parameters:

val: JSON string.

Function return value:

bool|int|float|str|list|map: Unmarshal result.
bool: Unmarshal status.

Function example:

Example 0:

Script content:

jstr = '{"a": 1, "b": 2, "c": 3}'
v, ok = load_json(jstr)
if ok {
    printf("%v", v["b"])
}

Standard output:

`lowercase`¶

Function prototype: fn lowercase(val: str) -> str

Function description: Converts a string to lowercase.

Function parameters:

val: The string to convert.

Function return value:

str: Returns the lowercase value.

Function example:

Example 0:

Script content:
```
printf("%s", lowercase("ABC"))
```
Standard output:
```
abc
```

`match`¶

Function prototype: fn match(val: str, pattern: str, n: int = 1) -> (list, bool)

Function description: Regular expression matching.

Function parameters:

val: The string to match.
pattern: Regular expression pattern.
n: The number of matches to return. Defaults to 1, -1 for all matches.

Function return value:

list: Returns the matched value.
bool: Returns true if the regular expression matches.

Function example:

Example 0:

Script content:

text="abc def 123 abc def 123"
v, ok = match(text, "(abc) (?:def) (?P<named_group>123)")
if ok {
    printf("%v", v)
}

Standard output:

[["abc def 123","abc","123"]]

Example 1:

Script content:

text="abc def 123 abc def 123"
v, ok = match(text, "(abc) (?:def) (?P<named_group>123)", -1)
if ok {
    printf("%v", v)
}

Standard output:

[["abc def 123","abc","123"],["abc def 123","abc","123"]]

`parse_date`¶

Function prototype: fn parse_date(date: str, timezone: str = "") -> (int, bool)

Function description: Parses a date string to a nanoseconds timestamp, support multiple date formats. If the date string not include timezone and no timezone is provided, the local timezone is used.

Function parameters:

date: The key to use for parsing.
timezone: The timezone to use for parsing. If

Function return value:

int: The parsed timestamp in nanoseconds.
bool: Whether the parsing was successful.

Function example:

Example 0:

Script content:

v, ok = parse_date("2021-12-2T11:55:43.123+0800")
if ok {
    printf("%v", v)
}

Standard output:

1638417343123000000

Example 1:

Script content:

v, ok = parse_date("2021-12-2T11:55:43.123", "+8")
if ok {
    printf("%v", v)
}

Standard output:

1638417343123000000

Example 2:

Script content:

v, ok = parse_date("2021-12-2T11:55:43.123", "Asia/Shanghai")
if ok {
    printf("%v", v)
}

Standard output:

1638417343123000000

`parse_duration`¶

Function prototype: fn parse_duration(s: str) -> (int, bool)

Function description: Parses a golang duration string into a duration. A duration string is a sequence of possibly signed decimal numbers with optional fraction and unit suffixes for each number, such as 300ms, -1.5h or 2h45m. Valid units are ns, us (or μs), ms, s, m, h.

Function parameters:

s: The string to parse.

Function return value:

int: The duration in nanoseconds.
bool: Whether the duration is valid.

Function example:

Example 0:

Script content:

v, ok = parse_duration("1s")
if ok {
    printf("%v", v)
}

Standard output:

1000000000

Example 1:

Script content:

v, ok = parse_duration("100ns")
if ok {
    printf("%v", v)
}

Standard output:

`parse_int`¶

Function prototype: fn parse_int(val: str, base: int) -> (int, bool)

Function description: Parses a string into an integer.

Function parameters:

val: The string to parse.
base: The base to use for parsing. Must be between 2 and 36.

Function return value:

int: The parsed integer.
bool: Whether the parsing was successful.

Function example:

Example 0:

Script content:

v, ok = parse_int("123", 10)
if ok {
    printf("%v", v)
}

Standard output:

Example 1:

Script content:

v, ok = parse_int("123", 16)    
if ok {
    printf("%v", v)
}

Standard output:

`printf`¶

Function description: Output formatted strings to the standard output device.

Function parameters:

format: String format.
args: Argument list, corresponding to the format specifiers in the format string.

Function example:

Example 0:

Script content:

printf("hello, %s", "world")

Standard output:

hello, world

`replace`¶

Function prototype: fn replace(input: str, pattern: str, replacement: str) -> (str, bool)

Function description: Replaces text in a string.

Function parameters:

input: The string to replace text in.
pattern: Regular expression pattern.
replacement: Replacement text to use.

Function return value:

str: The string with text replaced.
bool: True if the pattern was found and replaced, false otherwise.

Function example:

Example 0:

Script content:

v, ok = replace("abcdef", "bc", "123")
printf("%s", v)

Standard output:

a123def

Example 1:

Script content:

v, ok = replace("bonjour; 你好", "[\u4e00-\u9fa5]+", "hello")
printf("%s", v)

Standard output:

bonjour; hello

`sql_cover`¶

Function prototype: fn sql_cover(val: str) -> (str, bool)

Function description: Obfuscate SQL query string.

Function parameters:

val: The sql to obfuscate.

Function return value:

str: The obfuscated sql.
bool: The obfuscate status.

Function example:

Example 0:

Script content:

v, ok = sql_cover("select abc from def where x > 3 and y < 5")
if ok {
    printf("%s",v)
}

Standard output:

select abc from def where x > ? and y < ?

Example 1:

Script content:

v, ok = sql_cover("SELECT $func$INSERT INTO table VALUES ('a', 1, 2)$func$ FROM users")
if ok {
    printf("%s",v)
}

Standard output:

SELECT ? FROM users

Example 2:

Script content:

v, ok = sql_cover("SELECT ('/uffd')")
if ok {
    printf("%s",v)
}

Standard output:

SELECT ( ? )

`str_join`¶

Function prototype: fn str_join(li: list, sep: str) -> str

Function description: String join.

Function parameters:

li: List to be joined with separator. The elements type need to be string, if not, they will be ignored. -- sep: Separator to be used between elements.

Function return value:

str: Joined string.

Function example:

Example 0:

Script content:

v = str_join(["a", "b", "c"], "##")
printf("%s", v)

Standard output:

a##b##c

`strfmt`¶

Function description:

Function parameters:

format: String format.
args: Parameters to replace placeholders.

Function return value:

str: String.

Function example:

Example 0:

Script content:

v = strfmt("abc %s def %d", "123", 456)
printf("%s", v)

Standard output:

abc 123 def 456

`time_now`¶

Function prototype: fn time_now(precision: str = "ns") -> int

Function description: Get current timestamp with the specified precision.

Function parameters:

precision: The precision of the timestamp. Supported values: ns, us, ms, s.

Function return value:

int: Returns the current timestamp.

Function example:

Example 0:

Script content:
```
printf("%v", time_now("s"))
```
Standard output:
```
1745823860
```

`trigger`¶

Function prototype: fn trigger(result: int|float|bool|str, status: str = "", dimension_tags: map = {}, related_data: map = {})

Function description: Trigger a security event.

Function parameters:

result: Event check result.
status: Event status. One of: (critical, high, medium, low, info).
dimension_tags: Dimension tags.
related_data: Related data.

Function example:

Example 0:

Script content:
```
trigger(1, "critical", {"tag_abc":"1"}, {"a":"1", "a1":2.1})

trigger(result=2, dimension_tags={"a":"1", "b":"2"}, related_data={"b": {}})

trigger(false, related_data={"a":1, "b":2}, status="critical")

trigger("hello", dimension_tags={}, related_data={"a":1, "b":[1]}, status="critical")
```
Standard output:
Trigger output:
```
                                           
```
name="__codelineno-106-1">[ { "result": 1, "status": "critical", "dimension_tags": { "tag_abc": "1" }, "related_data": { "a": "1", "a1": 2.1 } }, { "result": 2, "status": "", "dimension_tags": { "a": "1", "b": "2" }, "related_data": { "b": {} } }, { "result": false, "status": "critical", "dimension_tags": {}, "related_data": { "a": 1, "b": 2 } }, { "result": "hello", "status": "critical", "dimension_tags": {}, "related_data": { "a": 1, "b": [ 1 ] } } ]

`trim`¶

Function prototype: fn trim(val: str, cutset: str = "", side: int = 0) -> str

Function description: Removes leading and trailing whitespace from a string.

Function parameters:

val: The string to trim.
cutset: Characters to remove from the beginning and end of the string. If not specified, whitespace is removed.
side: The side to trim from. If value is 0, trim from both sides. If value is 1, trim from the left side. If value is 2, trim from the right side.

Function return value:

str: The trimmed string.

Function example:

Example 0:

Script content:
```
printf("%s", trim(" abcdef "))
```
Standard output:
```
abcdef
```

Example 1:

Script content:

printf("%s", trim("#-abcdef-#", "-#", 2))

Standard output:

#-abcdef

Example 2:

Script content:

printf("%s", trim("#-abcdef-#", "-#", 1))

Standard output:

abcdef-#

Example 3:

Script content:

printf("%s", trim("#-abcdef-#", side=0, cutset="-#"))

Standard output:

abcdef

`uppercase`¶

Function prototype: fn uppercase(val: str) -> str

Function description: Converts a string to uppercase.

Function parameters:

val: The string to convert.

Function return value:

str: Returns the uppercase value.

Function example:

Example 0:

Script content:
```
printf("%s", uppercase("abc"))
```
Standard output:
```
ABC
```

`url_decode`¶

Function prototype: fn url_decode(val: str) -> (str, bool)

Function description: Decodes a URL-encoded string.

Function parameters:

val: The URL-encoded string to decode.

Function return value:

str: The decoded string.
bool: The decoding status.

Function example:

Example 0:

Script content:

v, ok = url_decode("https:%2F%2Fkubernetes.io%2Fdocs%2Freference%2Faccess-authn-authz%2Fbootstrap-tokens%2F")
if ok {
    printf("%s", v)
}

Standard output:

https://kubernetes.io/docs/reference/access-authn-authz/bootstrap-tokens/

`url_parse`¶

Function prototype: fn url_parse(url: str) -> (map, bool)

Function description: Parses a URL and returns it as a map.

Function parameters:

url: The URL to parse.

Function return value:

map: Returns the parsed URL as a map.
bool: Returns true if the URL is valid.

Function example:

Example 0:

Script content:

v, ok = url_parse("http://www.example.com:8080/path/to/file?query=abc")
if ok {
    v, ok = dump_json(v, "  ")
    if ok {
        printf("%v", v)
    }
}

Standard output:

{
  "host": "www.example.com:8080",
  "params": {
    "query": [
      "abc"
    ]
  },
  "path": "/path/to/file",
  "port": "8080",
  "scheme": "http"
}

`user_agent`¶

Function prototype: fn user_agent(header: str) -> map

Function description: Parses a User-Agent header.

Function parameters:

header: The User-Agent header to parse.

Function return value:

map: Returns the parsed User-Agent header as a map.

Function example:

Example 0:

Script content:

v = user_agent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36")
printf("%s", v)

Standard output:

{"browser":"Chrome","browserVer":"96.0.4664.110","engine":"AppleWebKit","engineVer":"537.36","isBot":false,"isMobile":false,"os":"Intel Mac OS X 10_15_7","ua":"Macintosh"}

`valid_json`¶

Function prototype: fn valid_json(val: str) -> bool

Function description: Returns true if the value is a valid JSON.

Function parameters:

val: The value to check.

Function return value:

bool: Returns true if the value is a valid JSON.

Function example:

Example 0:

Script content:

ok = valid_json("{\"a\": 1, \"b\": 2}")
if ok {
    printf("true")
}

Standard output:

true

Example 1:

Script content:

ok = valid_json("1.1")
if ok {
    printf("true")
}

Standard output:

true

Example 2:

Script content:

ok = valid_json("str_abc_def")
if !ok {
    printf("false")
}

Standard output:

false

`value_type`¶

Function prototype: fn value_type(val: str) -> str

Function description: Returns the type of the value.

Function parameters:

val: The value to get the type of.

Function return value:

str: Returns the type of the value. One of (bool, int, float, str, list, map, nil). If the value and the type is nil, returns nil.

Function example:

Example 0:

Script content:
```
v = value_type(1)
printf("%s", v)
```
Standard output:
```
int
```
Example 1:

Script content:
```
printf("%s", value_type("abc"))
```
Standard output:
```
str
```
Example 2:

Script content:
```
printf("%s", value_type(true))
```
Standard output:
```
bool
```

`xml_query`¶

Function prototype: fn xml_query(input: str, xpath: str) -> (str, bool)

Function description: Returns the value of an XML field.

Function parameters:

input: The XML input to get the value of.
xpath: The XPath expression to get the value of.

Function return value:

str: Returns the value of the XML field.
bool: Returns true if the field exists, false otherwise.

Function example:

Example 0:

Script content:

xml_data='''
<OrderEvent actionCode = "5">
 <OrderNumber>ORD12345</OrderNumber>
 <VendorNumber>V11111</VendorNumber>
 </OrderEvent>
'''
v, ok = xml_query(xml_data, "/OrderEvent/OrderNumber/text()")
if ok {
    printf("%s", v)
}

Standard output:

ORD12345

Example 1:

Script content:

xml_data='''
<OrderEvent actionCode = "5">
 <OrderNumber>ORD12345</OrderNumber>
 <VendorNumber>V11111</VendorNumber>
 </OrderEvent>
'''
v, ok = xml_query(xml_data, "/OrderEvent/@actionCode")
if ok {
    printf("%s", v)
}

Standard output:

Arbiter Built-in Functions¶

append¶

b64dec¶

b64enc¶

cast¶

cidr¶

delete¶

dql¶

dql_series_get¶

dql_timerange_get¶

dump_json¶

exit¶

format_int¶

geoip¶

gjson¶

grok¶

hash¶

http_request¶

len¶

load_json¶

lowercase¶

match¶

parse_date¶

parse_duration¶

parse_int¶

printf¶

replace¶

sql_cover¶

str_join¶

strfmt¶

time_now¶

trigger¶

trim¶

uppercase¶

url_decode¶

url_parse¶

user_agent¶

valid_json¶

value_type¶

xml_query¶

`append`¶

`b64dec`¶

`b64enc`¶

`cast`¶

`cidr`¶

`delete`¶

`dql`¶

`dql_series_get`¶

`dql_timerange_get`¶

`dump_json`¶

`exit`¶

`format_int`¶

`geoip`¶

`gjson`¶

`grok`¶

`hash`¶

`http_request`¶

`len`¶

`load_json`¶

`lowercase`¶

`match`¶

`parse_date`¶

`parse_duration`¶

`parse_int`¶

`printf`¶

`replace`¶

`sql_cover`¶

`str_join`¶

`strfmt`¶

`time_now`¶

`trigger`¶

`trim`¶

`uppercase`¶

`url_decode`¶

`url_parse`¶

`user_agent`¶

`valid_json`¶

`value_type`¶

`xml_query`¶