Built-ins are the core language features that let you filter, transform, and make assertions across collections of data. They are the difference between just retrieving raw data and turning that data into meaningful answers.
Think of built-ins as the verbs of MQL:
.where() narrows down what you’re looking at..map() transforms the results..all(), .any(), .none(), .one() let you assert truth over collections..list, .length, and .containsOnly help you structure and compare results.
In the following sections we’ll explore each built-in in detail, with examples you can run in the shell. You’ll see both policy-style checks and inventory-style queries so you can use them in compliance scenarios as well as live investigation.
MQL Built-in Functions
This page gives an overview of all built-in functions available in MQL, grouped by type.
Each function links to a dedicated documentation page with examples.
Array Functions
| Function | Summary |
|---|
| first | Return the first element of an array |
| last | Return the last element of an array |
| length | Number of elements in the array |
| where | Filter by predicate |
| map | Transform each element |
| flat | Flatten nested arrays |
| sample | Return a random sample of elements |
| duplicates | Return duplicate values (optionally by key) |
| unique | Return unique values (optionally by key) |
| contains | Check if array contains a value or matches predicate |
| containsAll | Check that array contains all specified values |
| containsNone | Check that array contains none of the specified values |
| containsOnly | Check that array contains only specified values |
| all | Assert all elements satisfy predicate |
| any | Assert at least one element satisfies predicate |
| one | Assert exactly one element satisfies predicate |
| none | Assert no elements satisfy predicate |
Map Functions
| Function | Summary |
|---|
| length | Number of entries in the map |
| keys | Return the keys of the map |
| values | Return the values of the map |
| where | Filter map entries by predicate |
| sample | Return a random sample of entries |
| contains | Check if any entry matches a value or predicate |
| all | Assert all entries satisfy predicate |
| any | Assert at least one entry satisfies predicate |
| one | Assert exactly one entry satisfies predicate |
| none | Assert no entry satisfies predicate |
String Functions
| Function | Summary |
|---|
| length | Number of characters in the string |
| contains | Check if string contains a substring or matches regex |
| find | Find all regex matches in the string |
| in | Check if string is in a list |
| notIn | Check if string is not in a list |
| inRange | Check if string represents a number within a range |
| camelcase | Convert string to camelCase |
| downcase | Convert string to lowercase |
| upcase | Convert string to uppercase |
| lines | Split string into lines |
| split | Split string by a delimiter |
| trim | Trim whitespace or specified characters |
Number Functions
| Function | Summary |
|---|
| inRange | Check if a number is within a range |
| Function | Summary |
|---|
| seconds | Extract seconds or convert to seconds |
| minutes | Extract minutes or convert to minutes |
| hours | Extract hours or convert to hours |
| days | Extract days or convert to days |
| unix | Convert to Unix epoch seconds |
| inRange | Check if time is within a range |
IP / Network Functions