Replaces each substring of the specified fields value that matches the given regular expression with the given replacement. LogScale uses JitRex which closely follows the syntax of re2j regular expressions, which has a syntax very close to Java's regular expressions. Check out the syntax.
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
as | string | false | Specifies the field to store the replaced string as. Default is replacing the contents of the input field . | |
field | string | false | @rawstring | Specifies the field to run the replacement on. Default is running against @rawstring. [a] |
flags | string | false | m | Specifies other regex flags. |
| Valid Values | d | Period (.) includes newline characters | ||
| i | Ignore case for matched values | |||
| m | Multi-line parsing of regular expressions | |||
regex | string | true | The regular expression to match. | |
replacement | string | false | The string to substitute for each match (same as with). | |
with | string | false | The string to substitute for each match (defaults to a pair of double-quotes). | |
Examples
Correct a spelling mistake
logscalereplace(regex=properties, with=properties)Get the integer part of a number. This example uses regex capturing groups, and stores the replacement in the field
b, leaving field a untouched. This is the same asregex("(?<b>\d+)\..*", field=a)using a named capture group.logscalereplace("(\d+)\..*", with="$1", field=a, as=b)Truncate a message to 100 characters:
logscalereplace("^(.{100}).*", with="$1", field=message, as="truncated_message")