String Query Functions
LogScale's string functions allow for string data within events to be extracted, combined or modified.
Table: String Query Functions
| Function | Default Argument | Availability | Description |
|---|---|---|---|
concat([as], field) | field | Concatenates the values of a list of fields into a value in a new field. | |
concatArray([as], field, [from], [prefix], [separator], [suffix], [to]) | field | Concatenates values of all fields with same name and an array suffix into a new field. | |
length([as], field) | field | Computes the number of characters in a string field. | |
lowercase(field, [include], [locale]) | field | Changes field name or content to lowercase for parsers. | |
regex([field], [flags], [limit], regex, [repeat], [strict]) | regex | Extracts new fields using a regular expression. | |
replace([as], [field], [flags], regex, [replacement], [with]) | regex | Replaces each substring that matches given regular expression with given replacement. | |
splitString([as], by, [field], [index]) | field | Splits a string by specifying a regular expression by which to split. | |
stripAnsiCodes([as], field) | field | Removes ANSI color codes and movement commands. | |
tokenHash([as], field) | field | Calculates a hash by tokenizing the input string (split by spaces), creating a hash for each token and then added the result together. This generates the same hash value, even if the order of the individual values in the source string is different. |