This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Regex in DQL

Frazzle
Frequent Guest

‎25 Mar 2025 12:36 PM

Is it possible to filter a contents of a log for a particular set of letters using regex? 
Example is that we are looking for any contents that have EX****S where the * are random numbers. 

MatchesPhrase does not work exactly as we would expect. As shown below the filter will get the log lines we want but also other log lines where the *S matches. 

| filter matchesPhrase(content, " EX*") and matchesPhrase(content, "*S ")

Are we able to use regex to match for any numbers between the set of letters we're looking for?

Labels:
0 Kudos
Reply
1 REPLY 1

marco_irmer
Mentor

‎25 Mar 2025 01:35 PM

Pure Regex is not an option currently. However, you can use the matchesPattern() function in a filter to match against events which patch a particular DPL pattern. In the example code below, we're looking for the equivalent the following of regex pattern: .*EX\d{4}S.*

| filter matchesPattern(content,"LD? 'EX' DIGIT{4} 'S' LD?")

 

Reply
Ask a question

Get help from our experts
Top