# PantherFlow Expressions {% hint style="info" %} PantherFlow is in open beta starting with Panther version 1.110, and is available to all customers. Please share any bug reports and feature requests with your Panther support team. {% endhint %} ## References ### Array references

Syntax	Description	Example
`array[X]`	Retrieve value at X	`foo[1]`

### Object references

Syntax	Description	Example
`object['X']`	Retrieve value at X	`foo['bar']`
`object.X`	Retrieve value at X	`foo.bar`

## Comparisons ### Equality comparisons

Operator	Description	Example	Operator	Meaning
`==`	Equality	`A == B`	==
`!=`	Inequality	`A != B`	!=

### Boolean comparisons

Operator	Description	Example	Operator
`and`	Logical and	`A and B`	and
`or`	Logical or	`A or B`	or
`not`	Logical not	`not A`	not

### Numerical comparisons

Syntax	Description	Example
`<`	Less than	`A < B`
`<=`	Less than or equal to	`A <= B`
`>`	Greater than	`A > B`
`>=`	Greater than or equal to	`A >= B`
`+`	Add	`A + B`
`-`	Subtract	`A - B`
`*`	Multiply	`A * B`
`/`	Divide	`A / B`
`%`	Modulo	`A % B`

### Array comparisons

Syntax	Description	Example
`in`	Value is in array	`X in [X, Y, Z]`, `'10.10.10.100' in p_any_ip_addresses`
`not in`	Value is not in array	`X not in [A, B, C]`

### Between comparisons

Operator	Description	Example
`between`	Value is between two values (inclusive), which are separated by `..`	`<foo> between <begin> .. <end>`
`not between`	Value is not between two values (exclusive), which are separated by `..`	`<foo> not between <begin> .. <end>`

## Functions ### Anonymous functions An anonymous function, or "lambda function," is an unnamed function that can be used as an argument to the `arrays.map()` and `arrays.filter()` functions. Anonymous functions have zero or more parameters and a body that is an expression: ```kusto fn ([arg1] [, arg2...]]) { } ``` #### Example: **Add one to a number in `arrays.map()`** In the example below, the anonymous function is applied to each of the elements in the array provided as the first argument to `arrays.map()`: ```kusto arrays.map([1, 2, 3], fn (r) { r + 1 }) ``` After `arrays.map()` applies the function on each element, the array becomes: ```kusto [2, 3, 4] ``` #### **Example: Compare to null in `arrays.filter()`** In the example below, `arrays.filter()` uses the anonymous function as the filter condition: ```kusto arrays.filter([null, 5, null, 6], fn (elem) { elem != null }) ``` After `arrays.filter()` filters the list using the anonymous function, it becomes: ```kusto [5, 6] ``` #### **Example: Nest multiple anonymous functions** It's possible to nest anonymous functions, or use an anonymous function in the body of another anonymous function. This can be useful for extracting arrays within arrays: ```kusto let source = datatable [{ "results": [ { "cats": [ { "Name": "Whiskers", "Breed": "Siamese", "FurLength": "Short", "ID": "AAAAA" }, { "Name": "Mittens", "Breed": "Maine Coon", "FurLength": "Long", "ID": "BBBBB" } ] }, { "cats": [ { "Name": "Mr. Meow", "Breed": "Orange Tabby", "FurLength": "Short", "ID": "CCCCC" }, { "Name": "Mrs. Meow", "Breed": "Persian", "FurLength": "Long", "ID": "DDDDD" } ] } ] }]; source | project results=arrays.flatten( arrays.map(results, fn (result) { arrays.map(result.cats, fn (cat) { object("CatName", cat.Name, "ID", cat.ID) }) }) ) ``` | results | | --------------------------------------------------------------------------------------------------------------------------------------------------- | | `[{"CatName":"Whiskers","ID":"AAAAA"},{"CatName":"Mittens","ID":"BBBBB"},{"CatName":"Mr. Meow","ID":"CCCCC"},{"CatName":"Mrs. Meow","ID":"DDDDD"}]` |