Use the base64_decode_toarray function to decode a Base64-encoded string into an array of bytes. This is especially useful when you need to extract raw binary data from encoded inputs, such as network payloads, authentication tokens, or structured log fields. You can then transform or analyze the resulting byte array using additional APL functions like array_slice, array_length, or array_index. This function is useful in scenarios where logs or telemetry data include fields that store binary data encoded as Base64, which is common for compact transmission or obfuscation. By decoding these values into byte arrays, you gain visibility into the underlying structure of the data.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

base64_decode_toarray(base64_input)

Parameters

NameTypeRequiredDescription
base64_inputstring✔️A Base64-encoded string.
The input string must be standard Base64 with padding, as defined by RFC 4648. For more information, see the RFC Series documentation.

Returns

An array of integers representing the decoded byte values. If the input string is not valid Base64, the function returns an empty array.

Use case examples

You want to decode a Base64-encoded field in logs to inspect raw payloads for debugging or transformation.Query
['sample-http-logs']
| extend raw = base64_decode_toarray('aGVsbG8gd29ybGQ=')
Run in PlaygroundOutput
raw
[104, 101, 108, 108, 111, 32, 119, 111, 114, 108, 100]
This query decodes the Base64 string 'aGVsbG8gd29ybGQ=', which represents the ASCII string "hello world", into an array of byte values.
  • array_length: Returns the number of elements in an array. Use after decoding to validate payload length.
  • array_slice: Extracts a subrange from an array. Use to focus on specific byte segments after decoding.
  • base64_encode_fromarray: Converts a sequence of bytes into a Base64-encoded string.