PantherFlow Expressions

Use these expressions in your PantherFlow query statements

PantherFlow is in open beta starting with Panther version 1.110, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.

References

Array references

Syntax

Description

Example

array[X]

Retrieve value at X

foo[1]

Object references

Syntax

Description

Example

object['X']

Retrieve value at X

foo['bar']

object.X

Retrieve value at X

foo.bar

Comparisons

Equality comparisons

Operator

Description

Example

==

Equality

A == B

!=

Inequality

A != B

Boolean comparisons

Operator

Description

Example

and

Logical and

A and B

or

Logical or

A or B

not

Logical not

not A

Numerical comparisons

Syntax

Description

Example

<

Less than

A < B

<=

Less than or equal to

A <= B

>

Greater than

A > B

>=

Greater than or equal to

A >= B

+

Add

A + B

-

Subtract

A - B

*

Multiply

A * B

/

Divide

A / B

%

Modulo

A % B

Array comparisons

Syntax

Description

Example

in

Value is in array

X in [X, Y, Z], '10.10.10.100' in p_any_ip_addresses

not in

Value is not in array

X not in [A, B, C]

Between comparisons

Operator

Description

Example

between

Value is between two values (inclusive), which are separated by ..

<foo> between <begin> .. <end>

not between

Value is not between two values (exclusive), which are separated by ..

<foo> not between <begin> .. <end>

Functions

Anonymous functions

An anonymous function, or "lambda function," is an unnamed function that can be used as an argument to the arrays.map() and arrays.filter() functions. Anonymous functions have zero or more parameters and a body that is an expression:

fn ([arg1] [, arg2...]]) { <expr> }

Example: Add one to a number in `arrays.map()`

In the example below, the anonymous function is applied to each of the elements in the array provided as the first argument to arrays.map():

arrays.map([1, 2, 3], fn (r) { r + 1 })

After arrays.map() applies the function on each element, the array becomes:

[2, 3, 4]

Example: Compare to null in `arrays.filter()`

In the example below, arrays.filter() uses the anonymous function as the filter condition:

arrays.filter([null, 5, null, 6], fn (elem) { elem != null })

After arrays.filter() filters the list using the anonymous function, it becomes:

[5, 6]

Example: Nest multiple anonymous functions

It's possible to nest anonymous functions, or use an anonymous function in the body of another anonymous function. This can be useful for extracting arrays within arrays:

let source = datatable [{
  "results": [
    {
      "cats": [
        {
          "Name": "Whiskers",
          "Breed": "Siamese",
          "FurLength": "Short",
          "ID": "AAAAA"
        },
        {
          "Name": "Mittens",
          "Breed": "Maine Coon",
          "FurLength": "Long",
          "ID": "BBBBB"
        }
      ]
    },
    {
      "cats": [
        {
          "Name": "Mr. Meow",
          "Breed": "Orange Tabby",
          "FurLength": "Short",
          "ID": "CCCCC"
        },
        {
          "Name": "Mrs. Meow",
          "Breed": "Persian",
          "FurLength": "Long",
          "ID": "DDDDD"
        }
      ]
    }
  ]
}];

source
| project results=arrays.flatten(
    arrays.map(results, fn (result) { 
        arrays.map(result.cats, fn (cat) { 
            object("CatName", cat.Name, "ID", cat.ID) 
        })
    })
)

results

[{"CatName":"Whiskers","ID":"AAAAA"},{"CatName":"Mittens","ID":"BBBBB"},{"CatName":"Mr. Meow","ID":"CCCCC"},{"CatName":"Mrs. Meow","ID":"DDDDD"}]

PreviousPantherFlow Data Types NextPantherFlow Functions

Last updated 3 days ago

Was this helpful?

References

Array references

Object references

Comparisons

Equality comparisons

Boolean comparisons

Numerical comparisons

Array comparisons

Between comparisons

Functions

Anonymous functions

Example: Add one to a number in arrays.map()

Example: Compare to null in arrays.filter()

Example: Nest multiple anonymous functions

Example: Add one to a number in `arrays.map()`

Example: Compare to null in `arrays.filter()`