Checking value in array

What I am trying to do:

I am building a workflow that gets the description of a ServiceNow incident and parses it for IPs and usernames. I will then use the IPs to query Microsoft Log Analytics to get the list of users that authenticated with that IP, and then match the list of users in the ticket against the users returned from the query.

Problem:
I would like to check to see if any of the users that are returned in the results are in the list of users pulled from the ticket description. However, the only way I can think of doing this is by nesting a loop inside of another loop, which I have done in the past. Doing it this way just feels wrong and it adds to the overall run time of the workflow. It also makes it difficult when I need to return data from the outer loop.

This is how I have done it in the past (pseudocode):

for each queryUser in userReturnedFromQuery
(
      for each userReported in usersFromTicket
      (
            if queryUser == userReported then
                  if userMatched == False
                         userMatched = True  (added to artifact used as output)
                  else
                         *empty branch*
            else 
                  *empty branch*
      )

       if userMatched == True then
             -add information to an artifact
)

Question:
Is there a better way to check for values that are inside an array for InsightConnect? I know I will need to have at least one loop, but I am looking for a way to quickly and efficiently search arrays without a nested loop. For large sets of data, this just increases the time for the workflow to run. For one of my workflows I stopped creating loops inside of loops when I knew there would be a lot of data to loop through. Instead, I just dumped the list of items into a global artifact and then used a helper to search the global artifact. The downside to this is needing to clear the global artifact at the end of the workflow.

I found an article for InsightDR, but I could not find anything similar for InsightConnect. What I found for InsightDR: Searching array without using Index

Either the JQ plugin or Python plugin would be how I handle most scenarios that you are describing.

3 Likes

With Python, are you converting the array to a set before the loop?

The method I use depends on what I am trying to do. The Python plugin is nice because you can send multiple inputs. If you have data from more than one step that you want to use with the JQ plugin, you will need to first combine the data or handle each set in separate steps. It really just depends though.
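
Added example, not part of any post in this thread and not Rapid7's code: the set-based lookup asked about above, written as plain Python that could be pasted into a Python plugin step. The row keys "user" and "ip", the function names, and the username normalization (dropping a DOMAIN\ prefix or @domain suffix) are assumptions made for illustration.

```python
def normalize(user):
    """Reduce 'CORP\\jdoe', 'jdoe@corp.example' and ' JDoe ' to 'jdoe'.

    Assumed convention: dropping the domain can merge accounts from
    different domains, so skip this step if the tenant has several.
    """
    name = user.strip().lower()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    if "@" in name:
        name = name.split("@", 1)[0]
    return name


def match_users(query_rows, ticket_users):
    """Match query results against ticket users with a single loop."""
    # Build the lookup once; every membership test afterwards is O(1),
    # so the cost is len(ticket_users) + len(query_rows), not their product.
    reported = {normalize(u) for u in ticket_users if u and u.strip()}
    matched, seen = [], set()
    for row in query_rows:
        key = (normalize(row.get("user") or ""), row.get("ip"))
        # Report each (user, ip) pair once, even if the query returned
        # many sign-in events for it.
        if key[0] in reported and key not in seen:
            seen.add(key)
            matched.append({"user": key[0], "ip": key[1]})
    # Ticket users that never showed up in the query results.
    unmatched = sorted(reported - {m["user"] for m in matched})
    return {
        "matched": matched,
        "unmatched_ticket_users": unmatched,
        "user_matched": bool(matched),
    }


# Constructed sample data (not taken from a real ticket or query).
SAMPLE_TICKET_USERS = ["CORP\\jdoe", "asmith", "bwayne"]
SAMPLE_QUERY_ROWS = [
    {"user": "JDoe@corp.example", "ip": "203.0.113.10"},
    {"user": "jdoe@corp.example", "ip": "203.0.113.10"},  # duplicate event
    {"user": "asmith@corp.example", "ip": "198.51.100.7"},
    {"user": "ckent@corp.example", "ip": "203.0.113.10"},  # not in ticket
]

if __name__ == "__main__":
    print(match_users(SAMPLE_QUERY_ROWS, SAMPLE_TICKET_USERS))
```

Returning the whole result as one dictionary also avoids the global artifact: the step's output carries the matches, so nothing has to be cleared at the end of the workflow.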

I just have a single step. Since I am just looking for a specific value, for the JQ plugin, would I use the loop.$item variable in the filter?

For example, I have arrayOfValuesToLookFor[1,2,3,4,5] and another array that contains a bunch of values called arrayFromAnotherStep. The loop step would be configured to use arrayOfValuesToLookFor[1,2,3,4,5]. Inside the loop step I would use arrayFromAnotherStep as the JSON input and loop.$item as the filter.

The example in the help is not very helpful and I admit, I have not searched Discuss yet.