Count Characters in Field

Count the number of characters in a field using the length() function

Query

logscale

length(@rawstring)

Introduction

The length() function can be used to count the number of characters in a field. It counts all characters, including spaces and special characters.

In this example, the length() function is used to count the number of characters in the @rawstring field and output the result in a field named _length.

Step-by-Step

Starting with the source repository events.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0["Expression"] result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
length(@rawstring)
```
Counts the number of characters in the field @rawstring field and outputs the result in a field named _length. This count includes all visible characters, spaces, and punctuation marks in the log entry.
Using the as parameter, it is also possible to define another output field, for example, rawLength, if adding the following:
length(@rawstring, as="rawLength")
Event Result set.

Summary and Results

The query is used to make a count of all characters (all visible characters, spaces, and punctuation marks) in a log entry. Making a count of all characters is useful for managing and analyzing, for example, security logs, ensuring complete data capture for threat detection and incident response.

Examples Library