Replaces each substring of the specified fields value that matches the given regular expression with the given replacement. LogScale uses JitRex which closely follows the syntax of re2j regular expressions, which has a syntax very close to Java's regular expressions. Check out LogScale Regular Expression Syntax.
Parameter | Type | Required | Default | Description |
---|---|---|---|---|
as | string | optional[a] | input field | Specifies the field to store the replaced string as. |
field | string | optional[a] | @rawstring | Specifies the field to run the replacement on. |
flags | string | optional[a] | m | Specifies other regex flags. |
Valid Values | ||||
d | Period (.) includes newline characters | |||
i | Ignore case for matched values | |||
m | Multi-line parsing of regular expressions | |||
regex [b] | string | required | The regular expression to match. | |
replacement | string | optional[a] | "" | The string to substitute for each match (same as with ). |
with | string | optional[a] | "" | The string to substitute for each match. |
[a] Optional parameters use their default value unless explicitly set |
Omitted Argument NamesThe argument name for
regex
can be omitted; the following forms of this function are equivalent:logscalereplace("value")
and:
logscalereplace(regex="value")
These examples show basic structure only; full examples are provided below.
replace()
Examples
Correct a spelling mistake
logscalereplace(regex=propperties, with=properties)
Get the integer part of a number. This example uses regex capturing groups, and stores the replacement in the field b, leaving field a untouched. This is the same as using a named capture group, for example:
logscaleregex("(?<b>\\d+)\\..*",field=a)
logscalereplace("(\\d+)\\..*", with="$1", field=a, as=b)
Truncate a message to 100 characters:
logscalereplace("^(.{100}).*", with="$1", field=message, as="truncated_message")