length()

`length()`

Computes the number of characters in a string field.

Parameter	Type	Required	Default Value	Description
`as`	string	optional^[a]	`_length`	Name of output field.
`field`^[b]	string	required		The name of the input field to length.
^[a]Optional parameters use their default value unless explicitly set. ^[b]The parameter name `field` can be omitted.

Hide omitted argument names for this function

Show omitted argument names for this function

Omitted Argument Names
The argument name for field can be omitted; the following forms of this function are equivalent:
logscale Syntax
length("value")
and:
logscale Syntax
length(field="value")
These examples show basic structure only.

`length()` Examples

Click + next to an example below to get the full details.

Count Characters in Field

Count the number of characters in a field using the length() function

Query

logscale

length(@rawstring)

Introduction

In this example, the length() function is used to count the number of characters in the @rawstring field and output the result in a field named _length.

Example incoming data might look like this:

@timestamp	@rawstring
2025-02-24T08:00:01.000Z	User authentication failed: Invalid credentials
2025-02-24T08:00:02.000Z	Connection established from 192.168.1.100
2025-02-24T08:00:03.000Z	Database backup completed successfully!
2025-02-24T08:00:04.000Z	Error 404: Page not found
2025-02-24T08:00:05.000Z	New user account created: john.doe@example.com
2025-02-24T08:00:06.000Z	CPU usage spike detected: 95%
2025-02-24T08:00:07.000Z	Firewall rule updated - blocking port 8080
2025-02-24T08:00:08.000Z	System shutdown initiated by administrator

Step-by-Step

Starting with the source repository events.
logscale
```
length(@rawstring)
```
Counts the number of characters in the field @rawstring field and outputs the result in a field named _length. This count includes all visible characters, spaces, and punctuation marks in the log entry.
Using the as parameter, it is also possible to define another output field, for example, rawLength, if adding the following:
length(@rawstring, as="rawLength")
Event Result set.

Summary and Results

The query is used to make a count of all characters (all visible characters, spaces, and punctuation marks) in a log entry. Making a count of all characters is useful for managing and analyzing, for example, security logs, ensuring complete data capture for threat detection and incident response.

Sample output from the incoming example data:

@rawstring	_length
User authentication failed: Invalid credentials	45
Connection established from 192.168.1.100	41
Database backup completed successfully!	36
Error 404: Page not found	24
New user account created: john.doe@example.com	45
CPU usage spike detected: 95%	29
Firewall rule updated - blocking port 8080	42
System shutdown initiated by administrator	41

Note that the _length field shows the total character count for each @rawstring value, including spaces and punctuation marks.

Versions of this Page

Data Analysis Overview

LogScale Web Interface

Manage Repositories and Views

Manage Account

Parse Data

Search Data

Write Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Automation

Template Language

Keyboard Shortcuts

`length()`

`length()` Examples

Count Characters in Field

Query

Introduction

Step-by-Step

Summary and Results

Related Functions

Similar Functions

Related Query Examples

Version Support

Enter search term

Data Analysis Overview

LogScale Web Interface

Manage Repositories and Views

Manage Account

Parse Data

Search Data

Write Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Automation

Template Language

Keyboard Shortcuts

length() Examples

Count Characters in Field

Query

Introduction

Step-by-Step

Summary and Results

Version Support

Enter search term

`length()`

`length()` Examples