Skip to content

Arbiter Built-in Functions

append

Function Prototype: fn append(li: list, v: ...bool|int|float|str|list|map) -> list

Function Description: Appends a value to a list.

Function Parameters:

  • li: The list to append to.
  • v: The value to append.

Function Return Value:

  • list: The list with the appended value.

Function Examples:

  • Example 0:

    Script Content:

    v = [1, 2, 3]
v = append(v, 4)
printf("%v", v)

    Standard Output:

    [1,2,3,4]

  • Example 1:

    Script Content:

    v = [1, 2, 3]
v = append(v, "a", 1.1)
printf("%v", v)

    Standard Output:

    [1,2,3,"a",1.1]

b64dec

Function Prototype: fn b64dec(data: str) -> (str, bool)

Function Description: Base64 decoding.

Function Parameters:

  • data: Data that needs to be base64 decoded.

Function Return Value:

  • str: The decoded string.
  • bool: Whether decoding is successful.

Function Examples:

  • Example 0:

    Script Content:

    v = "aGVsbG8sIHdvcmxk"
v, ok = b64dec(v)
if ok {
    printf("%v", v)
}

    Standard Output:

    hello, world

b64enc

Function Prototype: fn b64enc(data: str) -> (str, bool)

Function Description: Base64 encoding.

Function Parameters:

  • data: Data that needs to be base64 encoded.

Function Return Value:

  • str: The encoded string.
  • bool: Whether encoding is successful.

Function Examples:

  • Example 0:

    Script Content:

    v = "hello, world"
v = b64enc(v)
printf("%v", v)

    Standard Output:

    aGVsbG8sIHdvcmxk

call_func

Function Prototype: fn call_func(name: str, kwargs: map = {}) -> map

Function Description: Calling remote functions on the Function platform

Function Parameters:

  • name: Remote function name.
  • kwargs: Parameter map, corresponding to **kwargs in Python.

Function Return Value:

  • map:

Function Examples:

  • Example 0:

    Script Content:

    result = call_func("echo", {
    "arg_1": "1",
    "arg_2": [12,3],
    "key3": "true"
})
printf("%v", result)

    Standard Output:

    {"error":"","message":"","ok":true,"reason":"","result":{"arg_1":"1","arg_2":[12,3],"kwargs":{"key3":"true"}}}

  • Example 1:

    Script Content:

    result = call_func("echo", {"arg_2": [12,3]})
printf("%v", result)

    Standard Output:

    {"detail":{"exeception":"TypeError(\"echo() missing 1 required positional argument: 'arg_1'\")"},"error":"call function failed, api status code 599","message":"Func task failed","ok":false,"reason":"EFuncFailed"}

cast

Function Prototype: fn cast(val: bool|int|float|str, typ: str) -> bool|int|float|str

Function Description: Convert the value to the target type.

Function Parameters:

  • val: The value of the type to be converted.
  • typ: Target type. One of (bool, int, float, str).

Function Return Value:

  • bool|int|float|str: The value after the conversion.

Function Examples:

  • Example 0:

    Script Content:

    v1 = "1.1"
v2 = "1"
v2_1 = "-1"
v3 = "true"

printf("%v; %v; %v; %v; %v; %v; %v; %v\n",
    cast(v1, "float") + 1,
    cast(v2, "int") + 1,
    cast(v2_1, "int"),
    cast(v3, "bool") + 1,

    cast(cast(v3, "bool") - 1, "bool"),
    cast(1.1, "str"),
    cast(1.1, "int"),
    cast(1.1, "bool")
)

    Standard Output:

    2.1; 2; -1; 2; false; 1.1; 1; true

cidr

Function Prototype: fn cidr(ip: str, mask: str) -> bool

Function Description: Check the IP whether in CIDR block

Function Parameters:

  • ip: The ip address
  • mask: The CIDR mask

Function Return Value:

  • bool: Whether the IP is in CIDR block

Function Examples:

  • Example 0:

    Script Content:

    ip = "192.0.2.233"
if cidr(ip, "192.0.2.1/24") {
    printf("%s", ip)
}

    Standard Output:

    192.0.2.233

  • Example 1:

    Script Content:

    ip = "192.0.2.233"
if cidr(mask="192.0.1.1/24", ip=ip) {
    printf("%s", ip)
}

    Standard Output:

delete

Function Prototype: fn delete(m: map, key: str)

Function Description: Delete key from the map.

Function Parameters:

  • m: The map for deleting key
  • key: Key need delete from map.

Function Examples:

  • Example 0:

    Script Content:

    v = {
    "k1": 123,
    "k2": {
        "a": 1,
        "b": 2,
    },
    "k3": [{
        "c": 1.1, 
        "d":"2.1",
    }]
}
delete(v["k2"], "a")
delete(v["k3"][0], "d")
printf("result group 1: %v; %v\n", v["k2"], v["k3"])

v1 = {"a":1}
v2 = {"b":1}
delete(key="a", m=v1)
delete(m=v2, key="b")
printf("result group 2: %v; %v\n", v1, v2)

    Standard Output:

    result group 1: {"b":2}; [{"c":1.1}]
result group 2: {}; {}

dql

Function Prototype: fn dql(query: str, qtype: str = "dql", limit: int = 10000, offset: int = 0, slimit: int = 0, time_range: list = []) -> map

Function Description: Query data using dql or promql.

Function Parameters:

  • query: DQL or PromQL query statements.
  • qtype: Query language, One of dql or promql, default is dql.
  • limit: Query limit.
  • offset: Query offset.
  • slimit: Query slimit.
  • time_range: Query timestamp range, the default value can be modified externally by the script caller.

Function Return Value:

  • map: Query response.

Function Examples:

  • Example 0:

    Script Content:

    v = dql("M::cpu limit 2 slimit 2")
v, ok = dump_json(v, "    ")
if ok {
    printf("%v", v)
}

    Standard Output:

    {
    "series": [
        [
            {
                "columns": {
                    "time": 1744866108991,
                    "total": 7.18078381,
                    "user": 4.77876106
                },
                "tags": {
                    "cpu": "cpu-total",
                    "test_site": "testing",
                    "host": "172.16.241.111",
                    "host_ip": "172.16.241.111",
                    "name": "cpu",
                    "project": "demo-testing"
                }
            },
            {
                "columns": {
                    "time": 1744866103991,
                    "total": 10.37376049,
                    "user": 7.17009916
                },
                "tags": {
                    "cpu": "cpu-total",
                    "test_site": "testing",
                    "host": "172.16.241.111",
                    "host_ip": "172.16.241.111",
                    "name": "cpu",
                    "project": "demo-testing"
                }
            }
        ],
        [
            {
                "columns": {
                    "time": 1744866107975,
                    "total": 21.75562864,
                    "user": 5.69187959
                },
                "tags": {
                    "cpu": "cpu-total",
                    "test_site": "testing",
                    "host": "172.16.242.112",
                    "host_ip": "172.16.242.112",
                    "name": "cpu",
                    "project": "demo-testing"
                }
            },
            {
                "columns": {
                    "time": 1744866102975,
                    "total": 16.59466328,
                    "user": 5.28589581
                },
                "tags": {
                    "cpu": "cpu-total",
                    "test_site": "testing",
                    "host": "172.16.242.112",
                    "host_ip": "172.16.242.112",
                    "name": "cpu",
                    "project": "demo-testing"
                }
            }
        ]
    ],
    "status_code": 200
}

dql_series_get

Function Prototype: fn dql_series_get(series: map, name: str) -> list

Function Description: get series data

Function Parameters:

  • series: dql query result
  • name: column or tag name

Function Return Value:

  • list: specified column or tag value for the series

Function Examples:

  • Example 0:

    Script Content:

    v = dql("M::cpu limit 2 slimit 2") 

hostLi = dql_series_get(v, "host")
time_li = dql_series_get(v, "time")

printf("%v", {"host": hostLi, "time": time_li})

    Standard Output:

    {"host":[["172.16.241.111","172.16.241.111"],["172.16.242.112","172.16.242.112"]],"time":[[1744866108991,1744866103991],[1744866107975,1744866102975]]}

dql_timerange_get

Function Prototype: fn dql_timerange_get() -> list

Function Description: Get the time range of the DQL query, which is passed in by the script caller or defaults to the last 15 minutes.

Function Return Value:

  • list: The time range. For example, [1744214400000, 1744218000000], the timestamp precision is milliseconds

Function Examples:

  • Example 0:

    Script Content:

    val = dql_timerange_get()
printf("%v", val)

    Standard Output:

    [1672531500000,1672532100000]

  • Example 1:

    Script Content:

    val = dql_timerange_get()
printf("%v", val)

    Standard Output:

    [1672531200000,1672532100000]

dump_json

Function Prototype: fn dump_json(v: str, indent: str = "") -> (str, bool)

Function Description: Returns the JSON encoding of v.

Function Parameters:

  • v: Object to encode.
  • indent: Indentation prefix.

Function Return Value:

  • str: JSON encoding of v.
  • bool: Whether decoding is successful.

Function Examples:

  • Example 0:

    Script Content:

    v = {"a": 1, "b": 2.1}
v, ok = dump_json(v)
if ok {
    printf("%v", v)
}

    Standard Output:

    {"a":1,"b":2.1}

  • Example 1:

    Script Content:

    v = {"a": 1, "b": 2.1}
v, ok = dump_json(v, "  ")
if ok {
    printf("%v", v)
}

    Standard Output:

    {
  "a": 1,
  "b": 2.1
}

exit

Function Prototype: fn exit()

Function Description: Exit the program

Function Examples:

  • Example 0:

    Script Content:

    printf("1\n")
printf("2\n")
exit()
printf("3\n")

    Standard Output:

    1
2

format_int

Function Prototype: fn format_int(val: int, base: int) -> str

Function Description: Formats an integer into a string.

Function Parameters:

  • val: The integer to format.
  • base: The base to use for formatting. Must be between 2 and 36.

Function Return Value:

  • str: The formatted string.

Function Examples:

  • Example 0:

    Script Content:

    v = format_int(16, 16)
printf("%s", v)

    Standard Output:

    10

geoip

Function Prototype: fn geoip(ip: str) -> map

Function Description: GeoIP

Function Parameters:

  • ip: IP address.

Function Return Value:

  • map: IP geographical information.

Function Examples:

  • Example 0:

    Script Content:

    v = geoip("127.0.0.1")
printf("%v", v)

    Standard Output:

    {"city":"","country":"","isp":"unknown","province":""}

  • Example 1:

    Script Content:

    ip_addr = "114.114.114.114"
v, ok = dump_json(geoip(ip_addr), "    ");
if ok {
    printf("%v", v)
}

    Standard Output:

     {
    "city": "Ji'an",
    "country": "CN",
    "isp": "chinanet",
    "province": "Jiangxi"
}

gjson

Function Prototype: fn gjson(input: str, json_path: str) -> (bool|int|float|str|list|map, bool)

Function Description: GJSON provides a fast and easy way to get values from a JSON document.

Function Parameters:

  • input: JSON format string to parse.
  • json_path: JSON path.

Function Return Value:

  • bool|int|float|str|list|map: Parsed result.
  • bool: Parsed status.

Function Examples:

  • Example 0:

    Script Content:

    v='''{
    "name": {"first": "Tom", "last": "Anderson"},
    "age": 37,
    "children": ["Sara","Alex","Jack"],
    "fav.movie": "Deer Hunter",
    "friends": [
        {"first": "Dale", "last": "Murphy", "age": 44, "nets": ["ig", "fb", "tw"]},
        {"first": "Roger", "last": "Craig", "age": 68, "nets": ["fb", "tw"]},
        {"first": "Jane", "last": "Murphy", "age": 47, "nets": ["ig", "tw"]}
    ]
}'''
age, ok = gjson(v, "age")
if ok {
    printf("%.0f", age)
} else {
    printf("not found")
}

    Standard Output:

    37

  • Example 1:

    Script Content:

    v='''{
    "name": {"first": "Tom", "last": "Anderson"},
    "age": 37,
    "children": ["Sara","Alex","Jack"],
    "fav.movie": "Deer Hunter",
    "friends": [
        {"first": "Dale", "last": "Murphy", "age": 44, "nets": ["ig", "fb", "tw"]},
        {"first": "Roger", "last": "Craig", "age": 68, "nets": ["fb", "tw"]},
        {"first": "Jane", "last": "Murphy", "age": 47, "nets": ["ig", "tw"]}
    ]
}'''
name, ok = gjson(v, "name")
printf("%v", name)

    Standard Output:

    {"first": "Tom", "last": "Anderson"}

  • Example 2:

    Script Content:

    v='''[
    {"first": "Dale", "last": "Murphy", "age": 44, "nets": ["ig", "fb", "tw"]},
    {"first": "Roger", "last": "Craig", "age": 68, "nets": ["fb", "tw"]},
    {"first": "Jane", "last": "Murphy", "age": 47, "nets": ["ig", "tw"]}
]'''
net, ok = gjson(v, "0.nets.2")
printf("%v", net)

    Standard Output:

    tw

grok

Function Prototype: fn grok(input: str, pattern: str, extra_patterns: map = {}, trim_space: bool = true) -> (map, bool)

Function Description: Extracts data from a string using a Grok pattern. Grok is based on regular expression syntax, and using regular (named) capture groups in a pattern is equivalent to using a pattern in a pattern. A valid regular expression is also a valid Grok pattern.

Function Parameters:

  • input: The input string used to extract data.
  • pattern: The pattern used to extract data.
  • extra_patterns: Additional patterns for parsing patterns.
  • trim_space: Whether to trim leading and trailing spaces from the parsed value.

Function Return Value:

  • map: The parsed result.
  • bool: Whether the parsing was successful.

Function Examples:

  • Example 0:

    Script Content:

    app_log="2021-01-11T17:43:51.887+0800  DEBUG io  io/io.go:458  post cost 6.87021ms"

# Use built-in patterns, named capture groups, custom patterns, extract fields;
# convert the type of the extracted field by specifying the type.
v, ok = grok(
    app_log,
    "%{TIMESTAMP_ISO8601:log_time}\\s+(?P<log_level>[a-zA-Z]+)\\s+%{WORD}\\s+%{log_code_pos_pattern:log_code_pos}.*\\s%{NUMBER:log_cost:float}ms", 
    {
        "log_code_pos_pattern": "[a-zA-Z0-9/\\.]+:\\d+", 
    }
)

if ok {
    v, ok = dump_json(v, "  ")
    if ok {
        printf("%v", v)
    }
}

    Standard Output:

    {
  "log_code_pos": "io/io.go:458",
  "log_cost": 6.87021,
  "log_level": "DEBUG",
  "log_time": "2021-01-11T17:43:51.887+0800"
}

hash

Function Prototype: fn hash(text: str, method: str) -> str

Function Description:

Function Parameters:

  • text: The string used to calculate the hash.
  • method: Hash Algorithms, allowing values including md5, sha1, sha256, sha512.

Function Return Value:

  • str: The hash value.

Function Examples:

  • Example 0:

    Script Content:

    printf("%v", hash("abc", "md5"))

    Standard Output:

    900150983cd24fb0d6963f7d28e17f72

  • Example 1:

    Script Content:

    printf("%v", hash("abc", "sha1"))

    Standard Output:

    a9993e364706816aba3e25717850c26c9cd0d89d

  • Example 2:

    Script Content:

    printf("%v", hash("abc", "sha256"))

    Standard Output:

    ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

  • Example 3:

    Script Content:

    printf("%v", hash("abc", "sha512"))

    Standard Output:

    ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f

  • Example 4:

    Script Content:

    printf("%v", hash("abc", "xx"))

    Standard Output:

http_request

Function Prototype: fn http_request(method: str, url: str, body: bool|int|float|str|list|map = nil, headers: map = {}) -> map

Function Description: Used to send http request.

Function Parameters:

  • method: HTTP request method
  • url: HTTP request url
  • body: HTTP request body
  • headers: HTTP request headers

Function Return Value:

  • map: HTTP response

Function Examples:

  • Example 0:

    Script Content:

    resp = http_request("GET", "http://test-domain/test")
delete(resp["headers"], "Date")
resp_str, ok = dump_json(resp, "    ")
printf("%s", resp_str)

    Standard Output:

    {
    "body": "{\"code\":200, \"message\":\"success\"}",
    "headers": {
        "Content-Length": "33",
        "Content-Type": "application/json"
    },
    "status_code": 200
}

  • Example 1:

    Script Content:

    resp = http_request("GET", "http://localhost:80/test")

# Usually, access to private IPs will be blocked,
# you need to contact the administrator.

resp_str, ok = dump_json(resp, "    ")
printf("%s", resp_str)

    Standard Output:

    {
    "error": "Get \"http://localhost:80/test\": resolved IP 127.0.0.1 is blocked"
}

len

Function Prototype: fn len(val: map|list|str) -> int

Function Description: Get the length of the value. If the value is a string, returns the length of the string. If the value is a list or map, returns the length of the list or map.

Function Parameters:

  • val: The value to get the length of.

Function Return Value:

  • int: The length of the value.

Function Examples:

  • Example 0:

    Script Content:

    printf("%v", len("abc"))

    Standard Output:

    3

  • Example 1:

    Script Content:

    printf("%v", len([1, 2, 3]))

    Standard Output:

    3

  • Example 2:

    Script Content:

    printf("%v", len({"a": 1, "b": 2, "c": 3}))

    Standard Output:

    3

load_json

Function Prototype: fn load_json(val: str) -> (bool|int|float|str|list|map, bool)

Function Description: Unmarshal json string

Function Parameters:

  • val: JSON string.

Function Return Value:

  • bool|int|float|str|list|map: Unmarshal result.
  • bool: Unmarshal status.

Function Examples:

  • Example 0:

    Script Content:

    jstr = '{"a": 1, "b": 2, "c": 3}'
v, ok = load_json(jstr)
if ok {
    printf("%v", v["b"])
}

    Standard Output:

    2

lowercase

Function Prototype: fn lowercase(val: str) -> str

Function Description: Converts a string to lowercase.

Function Parameters:

  • val: The string to convert.

Function Return Value:

  • str: Returns the lowercase value.

Function Examples:

  • Example 0:

    Script Content:

    printf("%s", lowercase("ABC"))

    Standard Output:

    abc

match

Function Prototype: fn match(val: str, pattern: str, n: int = 1) -> (list, bool)

Function Description: Regular expression matching.

Function Parameters:

  • val: The string to match.
  • pattern: Regular expression pattern.
  • n: The number of matches to return. Defaults to 1, -1 for all matches.

Function Return Value:

  • list: Returns the matched value.
  • bool: Returns true if the regular expression matches.

Function Examples:

  • Example 0:

    Script Content:

    text="abc def 123 abc def 123"
v, ok = match(text, "(abc) (?:def) (?P<named_group>123)")
if ok {
    printf("%v", v)
}

    Standard Output:

    [["abc def 123","abc","123"]]

  • Example 1:

    Script Content:

    text="abc def 123 abc def 123"
v, ok = match(text, "(abc) (?:def) (?P<named_group>123)", -1)
if ok {
    printf("%v", v)
}

    Standard Output:

    [["abc def 123","abc","123"],["abc def 123","abc","123"]]

`parse_date