Checks whether the given pattern matches any of the values of the array and excludes the event from the search result if it does not match on any value.

ParameterTypeRequiredDefaultDescription
arraystringtrue A string in the format of a valid array index []. A valid array can either be an identifier, a valid array followed by . and an identifier, or a valid array followed by an array index surrounded by square brackets. E.g., for events with fields incidents[0], incidents[1], ... this would be "incidents[]". [a]
flagsstringfalse The regex flags to use: i for case-insensitive match; m for multi-line matching; and d makes . include newlines.
regexstringtrue The regex pattern for the value on which to search the array.

[a] When you provide only one parameter, the implied parameter is array

Examples

Given events containing an 'incidents' array:

Event 1

humio
|--------------|-------------|
| host         | v1          |
| incidents[0] | Evil Bear   |
| incidents[1] | Cozy Bear   |
|--------------|-------------|

Event 2

humio
|--------------|-------------|
| host         | v15         |
| incidents[0] | Fancy Fly   |
| incidents[1] | Tiny Cat    |
| incidents[2] | Cozy Bears  |
|--------------|-------------|

Find all the events where incidents regex the exact value Cozy Bear and group them by which hosts were affected, giving the output event:

humio
|--------------|-------------|
| host         | v1          |
| _count       | 1           |
|--------------|-------------|
humio
array:regex("incidents[]", regex="^Cozy Bear$") |
groupBy(host)

Given events containing a responses array, find all events where responses regex entries ending with bear, BeAr, bEAR, and so on.

humio
array:regex("responses[]", regex="bear$", flags="i")