Checks whether the given pattern matches any of the values of the array and excludes the event from the search result if it does not match on any value.

Note

To ensure compatibilty, it is recommended to always test your regular expressions inside LogScale, instead of a 3rd party regex tool.

ParameterTypeRequiredDefault ValueDescription
array[a]stringrequired  A string in the format of a valid array index []. A valid array can either be an identifier, a valid array followed by . and an identifier, or a valid array followed by an array index surrounded by square brackets. For example, for events with fields incidents[0], incidents[1], ... this would be incidents[] .
flagsstringoptional[b]  The regex modifier flags to use.
   Valid Values
   Empty String
   FUse the LogScale Regex Engine v2 (introduced in 1.154.0)
   dPeriod (.) also includes newline characters
   iIgnore case for matched values
   mMulti-line parsing of regular expressions
regexregexrequired  The regex pattern for the value on which to search the array.

[a] The argument name array can be omitted.

[b] Optional parameters use their default value unless explicitly set.

Hide omitted argument names for this function

Show omitted argument names for this function

Hide negatable operation for this function

Show negatable operation for this function

A specific syntax applies for this query function, see Array Syntax for details.

array:regex() Examples

Find Matches in Array Given a Regular Expression - Example 1

Use regular expressions to search for and match specific patterns in flat arrays

Query
logscale
array:regex("incidents[]", regex="^Cozy Bear.*")
| groupBy(host)
Introduction

A regular expression is a form of advanced searching that looks for specific patterns, as opposed to certain terms and phrases. You can use a regular expression to find all matches in an array. In this example, the regular expression is used to search for patterns where the value Cozy Bear appears in a certain position across arrays.

Example incoming data might look like this:

hostincidents[0]incidents[1]incidents[2]
v1Evil BearCozy Bear 
v15Fancy FlyTiny CatCozy Bears
v22Fancy FlyTiny CatCold Bears
v4Fancy FlyTiny CatCozy Bearskins
v1Evil BearCozy Bears 
Step-by-Step
  1. Starting with the source repository events.

  2. logscale
    array:regex("incidents[]", regex="^Cozy Bear.*")

    Searches in the incidents array for values that only start with Cozy Bear. Find all matches given that regular expression.

  3. logscale
    | groupBy(host)

    Groups the returned results by host.

  4. Event Result set.

Summary and Results

The query using the regex expression are used to quickly search and return results for specific values in arrays. Regular expressions are useful when searching for different strings containing the same patterns; such as social security numbers, URLs, email addresses, and other strings that follow a specific pattern.

Sample output from the incoming example data:

host_count
v12
v151
v41

Find Matches in Array Given a Regular Expression - Example 2

Use regular expressions to search for and match specific patterns ignoring case in flat arrays

Query
logscale
array:regex("responses[]", regex="bear$", flags="i")
Introduction

A regular expression is a form of advanced searching that looks for specific patterns, as opposed to certain terms and phrases. You can use a regular expression to find all matches in an array. In this example, the regular expression is used to search for patterns where the value bear appears at the end of a value in an array element, ignoring the case.

Step-by-Step
  1. Starting with the source repository events.

  2. logscale
    array:regex("responses[]", regex="bear$", flags="i")

    Searches in the responses array for values that begins with bear, ignoring the case (due to the i flag).

  3. Event Result set.

Summary and Results

The queries using the regex expression are used to quickly search and return results for specific values in arrays. Regular expressions are useful when searching for different strings containing the same patterns; such as social security numbers, URLs, email addresses, and other strings that follow a specific pattern.