Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Utility Functions - regexp

Table of contents
  1. regexp

regexp

  • regexp(pattern, field)
search sContent("@event_type", "@azureSignIn")
let {username="userPrincipalName"}=f("@azureSignIn")
let {}=regexp("(?<name>.*)@(?<domain>.*)",username)

In this example, the command regexp extracts the captured “named group” from the regular expression pattern. For username “foo@gmail.com”, two new columns “name” and “domain” are added with value “foo” and “gmail.com”.