bitfield:extractFlags()

`bitfield:extractFlags()`

Decodes an integer to its bit-representation and extracts the bits at specified indices to specified field names as a boolean.

The bits are indexed from 0 and can accept up to 64 bits (the length of a Long). If the value in the input field is larger, the lowest 64 bits will be used.

Parameter	Type	Required	Default Value	Description
`field`	string	required		The name of the field that should be decoded.
`onlyTrue`	boolean	optional^[a]	`false`	If set to `true`, fields will only be added if their value in the bitfield is `true`; any flags that are `false` will not be added.
`output`	string	required		A list of pairs of indices in the bit-representation and the field name it should be written to.
^[a]Optional parameters use their default value unless explicitly set.

`bitfield:extractFlags()` Examples

Decode and Extract Bit Flags

Extract truebits flags using the bitfield:extractFlags() function

Query

logscale

bitfield:extractFlags(field="MemoryDescriptionFlags", onlyTrue=true, output=[
  [0,INVALID_ADDRESS],
  [1,CURRENT_STACK],
  [2,JIT_DOTNET],
  [3,MZ],
  [4,CODE],
  [5,MODULE],
  [6,MAPPED],
  [7,REFLECIVE_PE],
  [8,JIT_FLASH],
  [9,PRIMARY_MODULE],
  [10,PRIVATE_MEMORY],
  [11,KNOWN_FUNCTION],
  [12,FREE_MEMORY]])

Introduction

The bitfield:extractFlags() function can be used to decode an integer to its bit-representation and extract the true bits at specified indices with specified names. The fields will be named with the names of the set bits. The bits are indexed from 0 and will include up to 64 bits. If the value in the input field is larger, the lowest 64 bits will be used. In this example, the bitfield:extractFlags() function is used to decode the field MemoryDescriptionFlags and extract its true bits.

Example incoming data might look like this:

Raw Events

MemoryDescriptionFlags,1234

// corresponds to 10011010010

Step-by-Step

Starting with the source repository events.

logscale

bitfield:extractFlags(field="MemoryDescriptionFlags", onlyTrue=true, output=[
  [0,INVALID_ADDRESS],
  [1,CURRENT_STACK],
  [2,JIT_DOTNET],
  [3,MZ],
  [4,CODE],
  [5,MODULE],
  [6,MAPPED],
  [7,REFLECIVE_PE],
  [8,JIT_FLASH],
  [9,PRIMARY_MODULE],
  [10,PRIVATE_MEMORY],
  [11,KNOWN_FUNCTION],
  [12,FREE_MEMORY]])

Decodes the field MemoryDescriptionFlags and extracts the true bits at specified indices with specified names. The fields will be named with the names of the set bits.

Event Result set.

Summary and Results

The query is used to decode an integer to its bit-representation and extract the true bits at specified indices with specified names.

Sample output from the incoming example data:

CODE	CURRENT_STACK	FREE_MEMORY	INVALID_ADDRESS	JIT_DOTNET	JIT_FLASH	KNOWN_FUNCTION	MAPPED	MODULE	MZ	PRIMARY_MODULE	PRIVATE_MEMORY	REFLECIVE_PE
true	true	false	false	false	false	false	true	false	false	false	true	true

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts

`bitfield:extractFlags()`

`bitfield:extractFlags()` Examples

Decode and Extract Bit Flags

Query

Introduction

Step-by-Step

Summary and Results

Version Support

Enter search term

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts

bitfield:extractFlags() Examples

Decode and Extract Bit Flags

Query

Introduction

Step-by-Step

Summary and Results

Version Support

Enter search term

`bitfield:extractFlags()`

`bitfield:extractFlags()` Examples