Replaces each substring of the specified fields value that matches the given regular expression with the given replacement. LogScale uses JitRex which closely follows the syntax of re2j regular expressions, which has a syntax very close to Java's regular expressions. Check out the syntax.
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
as | string | false | Specifies the field to store the replaced string as. Default is replacing the contents of the input field. | |
field | string | false | @rawstring | Specifies the field to run the replacement on. |
flags | string | false | m | Specifies other regex flags. |
| Valid Values | d | Period (.) includes newline characters | ||
i | Ignore case for matched values | |||
m | Multi-line parsing of regular expressions | |||
regex | string | true | The regular expression to match. [a] | |
replacement | string | false | "" | The string to substitute for each match (same as with). |
with | string | false | "" | The string to substitute for each match. |
replace() Examples
Correct a spelling mistake
logscalereplace(regex=propperties, with=properties)Get the integer part of a number. This example uses regex capturing groups, and stores the replacement in the field b, leaving field a untouched. This is the same as using a named capture group, for example:
logscaleregex("(?<b>\\d+)\\..*",field=a)logscalereplace("(\\d+)\\..*", with="$1", field=a, as=b)Truncate a message to 100 characters:
logscalereplace("^(.{100}).*", with="$1", field=message, as="truncated_message")