Knowledge BaseCommunityRelease NotesRequest Demo

PantherFlow Expressions

Use these expressions in your PantherFlow query statements

PantherFlow is in open beta starting with Panther version 1.110, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.

References

Array references

Syntax
Description
Example

array[X]

Retrieve value at X

foo[1]

Object references

Syntax
Description
Example

object['X']

Retrieve value at X

foo['bar']

object.X

Retrieve value at X

foo.bar

Comparisons

Equality comparisons

Operator
Description
Example

==

Equality

A == B

!=

Inequality

A != B

Boolean comparisons

Operator
Description
Example

and

Logical and

A and B

or

Logical or

A or B

not

Logical not

not A

Numerical comparisons

Syntax
Description
Example

<

Less than

A < B

<=

Less than or equal to

A <= B

>

Greater than

A > B

>=

Greater than or equal to

A >= B

+

Add

A + B

-

Subtract

A - B

*

Multiply

A * B

/

Divide

A / B

%

Modulo

A % B

Array comparisons

Syntax
Description
Example

in

Value is in array

X in [X, Y, Z], '10.10.10.100' in p_any_ip_addresses

not in

Value is not in array

X not in [A, B, C]

Between comparisons

Operator
Description
Example

between

Value is between two values (inclusive), which are separated by ..

<foo> between <begin> .. <end>

not between

Value is not between two values (exclusive), which are separated by ..

<foo> not between <begin> .. <end>

Functions

Anonymous functions

An anonymous function, or "lambda function," is an unnamed function that can be used as an argument to the arrays.map() and arrays.filter() functions. Anonymous functions have zero or more parameters and a body that is an expression:

fn ([arg1] [, arg2...]]) { <expr> }

Example: Add one to a number in arrays.map()

In the example below, the anonymous function is applied to each of the elements in the array provided as the first argument to arrays.map():

arrays.map([1, 2, 3], fn (r) { r + 1 })

After arrays.map() applies the function on each element, the array becomes:

[2, 3, 4]

Example: Compare to null in arrays.filter()

In the example below, arrays.filter() uses the anonymous function as the filter condition:

arrays.filter([null, 5, null, 6], fn (elem) { elem != null })

After arrays.filter() filters the list using the anonymous function, it becomes:

[5, 6]

Example: Nest multiple anonymous functions

It's possible to nest anonymous functions, or use an anonymous function in the body of another anonymous function. This can be useful for extracting arrays within arrays:

let source = datatable [{
  "results": [
    {
      "cats": [
        {
          "Name": "Whiskers",
          "Breed": "Siamese",
          "FurLength": "Short",
          "ID": "AAAAA"
        },
        {
          "Name": "Mittens",
          "Breed": "Maine Coon",
          "FurLength": "Long",
          "ID": "BBBBB"
        }
      ]
    },
    {
      "cats": [
        {
          "Name": "Mr. Meow",
          "Breed": "Orange Tabby",
          "FurLength": "Short",
          "ID": "CCCCC"
        },
        {
          "Name": "Mrs. Meow",
          "Breed": "Persian",
          "FurLength": "Long",
          "ID": "DDDDD"
        }
      ]
    }
  ]
}];

source
| project results=arrays.flatten(
    arrays.map(results, fn (result) { 
        arrays.map(result.cats, fn (cat) { 
            object("CatName", cat.Name, "ID", cat.ID) 
        })
    })
)
results

[{"CatName":"Whiskers","ID":"AAAAA"},{"CatName":"Mittens","ID":"BBBBB"},{"CatName":"Mr. Meow","ID":"CCCCC"},{"CatName":"Mrs. Meow","ID":"DDDDD"}]

PreviousPantherFlow Data TypesNextPantherFlow Functions

Last updated

Was this helpful?