# Regular Expression Functions

{% hint style="info" %}
PantherFlow is in open beta starting with Panther version 1.110, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.
{% endhint %}

## `re.count()`

`re.count(stringable: any, regex: string) -> int`

Returns the number of times that `regex` occurs in `stringable`, or `null` if any value is `null`.

**Example:**

```kusto
panther_logs.public.aws_alb
| project tripleDigitBlocks=re.count(clientIp, "[0-9][0-9][0-9]")
```

## `re.matches()`

`re.matches(stringable: any, regex: string) -> bool`

Returns true if `stringable` matches the regular expression `regex`.

**Example:**

```kusto
panther_logs.public.aws_alb
| project inCidr=re.matches(clientIp, '^192\\.168\\.1\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[0-9]{1,2})$'), clientIp
```

## `re.replace()`

`re.replace(stringable: any, regex: string, replacement: string) -> string`

Returns `stringable` with the specified pattern `regex` (or all occurrences of the pattern) either removed or replaced by `replacement`, or `null` if any value is `null`.

**Example:**

```kusto
panther_logs.public.aws_alb
| project traceId=re.replace(connTraceId, "^(TID_)", "")
```

## `re.substr()`

`re.substr(stringable: any, regex: string) -> string`

Returns the first substring that matches `regex` within `stringable`, or `null` if any value is `null`.

**Example:**

```kusto
panther_logs.public.aws_alb
| project tripleDigitBlocks=re.substr(clientIp, "[0-9][0-9][0-9]")
```