
V1 - Utility Functions - regexp

regexp

  • regexp(pattern, field)

    search sContent("@event_type", "@azureSignIn")
    let {username="userPrincipalName"}=f("@azureSignIn")
    let {}=regexp("(?<name>.*)@(?<domain>.*)",username)

In this example, regexp extracts the named capture groups defined in the regular expression pattern and adds one column per group. For the username "foo@gmail.com", two new columns, "name" and "domain", are added with the values "foo" and "gmail.com".
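
The same extraction reproduced outside the platform, as an added example in JavaScript (not the product's own code), whose regular expressions accept the same `(?<name>...)` syntax. It shows how the page's greedy pattern splits values that are not a plain "user@domain" string. The sample rows, the helper names `groupNames` and `addNamedGroups`, the anchored `STRICT_PATTERN`, and writing null when nothing matches are assumptions made for illustration.

```javascript
// Added example: emulates named-group column extraction in plain JavaScript.
const PAGE_PATTERN = /(?<name>.*)@(?<domain>.*)/;               // pattern from the page
const STRICT_PATTERN = /^(?<name>[^@\s]+)@(?<domain>[^@\s]+)$/; // assumed stricter variant

// Names of the named groups declared in a pattern, in order of appearance.
function groupNames(pattern) {
  return [...pattern.source.matchAll(/\(\?<([A-Za-z_$][\w$]*)>/g)].map((m) => m[1]);
}

// Return copies of the rows with one extra column per named group.
// Assumption: a value that does not match gets null in every new column.
function addNamedGroups(rows, field, pattern) {
  const names = groupNames(pattern);
  return rows.map((row) => {
    const m = pattern.exec(String(row[field] ?? ""));
    const cols = {};
    for (const n of names) cols[n] = m ? (m.groups[n] ?? null) : null;
    return { ...row, ...cols };
  });
}

// Constructed sample values, not real sign-in data.
const rows = [
  { username: "foo@gmail.com" },                                   // the page's case
  { username: "alice_contoso.com#EXT#@fabrikam.onmicrosoft.com" }, // guest-style UPN
  { username: "a@b@example.com" },                                 // two "@" characters
  { username: "svc-account" },                                     // no "@" at all
];

const loose = addNamedGroups(rows, "username", PAGE_PATTERN);
const strict = addNamedGroups(rows, "username", STRICT_PATTERN);

// Greedy ".*" splits at the LAST "@", so row 3 yields name "a@b" with the page
// pattern, while the anchored variant rejects it and leaves both columns null.
console.table(loose);
console.table(strict);
```

For the guest-style value, "domain" is the tenant that hosts the account, not the user's home organization, which matters when sign-ins are grouped by the extracted domain.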