Regular Expression Query Functions

LogScale's regex related functions make use of the LogScale regular expression engine. See Regular Expression-based Field Extraction for more information on writing regular expressions.

Table: Regular Expression Query Functions

FunctionDefault ArgumentAvailabilityDescription
array:regex(array, [flags], regex)arrayintroduced in 1.62.0 Checks whether the given pattern matches any of the values of the array and excludes the event from the search result
regex([field], [flags], [limit], regex, [repeat], [strict])regex  Extracts new fields using a regular expression.
replace([as], [field], [flags], regex, [replacement], [with])regex  Replaces each substring that matches given regular expression with given replacement.
split([field], [strip])field  Splits an event structure created by a JSON array into distinct events.