String Query Functions
LogScale's string functions allow for string data within events to be extracted, combined or modified.
Table: String Query Functions
| Function | Default Argument | Availability | Description |
|---|---|---|---|
concat([as], field) | field | Concatenates the values of a list of fields into a value in a new field. | |
concatArray([as], field, [from], [prefix], [separator], [suffix], [to]) | field | Concatenates values of all fields with same name and an array suffix into a new field. | |
length([as], field) | field | Computes the number of characters in a string field. | |
lowercase(field, [include], [locale]) | field | Changes field name or content to lowercase for parsers. | |
match([column], field, file, [glob], [ignoreCase], [include], [mode], [strict]) | file | Searches text using a CSV or JSON file and can enhance entries. | |
regex([field], [flags], [limit], regex, [repeat], [strict]) | regex | Extracts new fields using a regular expression. | |
replace([as], [field], [flags], regex, [replacement], [with]) | regex | Replaces each substring that matches given regular expression with given replacement. | |
split([field], [strip]) | field | Splits an event structure created by a JSON array into distinct events. | |
splitString([as], by, [field], [index]) | field | Splits a string by specifying a regular expression by which to split. | |
stripAnsiCodes([as], field) | field | Removes ANSI color codes and movement commands. | |
tokenHash([as], field) | field | Calculates a structure hash which is equal for similarly structured input. | |
transpose([column], [header], [limit], [pivot]) | pivot | Transposes a query results set by creating an event for each attribute. |