# String Functions {% hint style="info" %} PantherFlow is in open beta starting with Panther version 1.110, and is available to all customers. Please share any bug reports and feature requests with your Panther support team. {% endhint %} ## `strings.cat()` `strings.cat(str: string, str: string, ... ) -> string` Concatenates strings. **Example:** ```kusto panther_logs.public.aws_alb | project clientAddr=strings.cat(clientIp, ':', clientPort) ``` ## `strings.contains()` `strings.contains(str: any, substr: string) -> bool` Returns true if `str` contains `substr`. If `str` is not a string, it is stringified first. **Example:** ```kusto panther_logs.public.aws_alb | project usingMozilla=strings.contains(userAgent, "Mozilla") ``` ## `strings.ends_with()` `strings.ends_with(str: string, postfix: string) -> bool` Returns true if `str` ends with `postfix`. **Example:** ```kusto panther_logs.public.aws_alb | project usingSHA256=strings.ends_with(sslCipher, "SHA256") ``` ## `strings.ilike()` `strings.ilike(str: any, substr: string) -> bool` Returns true if `str` contains `substr` with SQL LIKE semantics ignoring case. **Example:** ```kusto panther_logs.public.aws_alb | project usingSHA=strings.ilike(sslCipher, "%sha%") ``` ## `strings.join()` `strings.join(elements: [string], sep: string) -> string` Returns `elements` joined together with `sep` between each element. **Example:** ```kusto panther_logs.public.aws_alb | project same=strings.join(strings.split(domainName, "."), ".") ``` ## `strings.len()` `strings.len(str: any) -> int` Returns the length of `str`. If `str` is not a string, it is stringified first. **Example:** ```kusto panther_logs.public.aws_alb | project keyLen=strings.len(p_source_file.aws_s3_key) ``` ## `strings.like()` `strings.like(str: any, substr: string) -> bool` Returns true if `str` contains `substr` with SQL LIKE semantics. **Example:** ```kusto panther_logs.public.aws_alb | project usingSHA=strings.like(sslCipher, "%SHA%") ``` ## `strings.lower()` `strings.lower(str: string) -> string` Returns `str` converted to lower case. **Example:** ```kusto panther_logs.public.aws_alb | project action=strings.cat(strings.lower(requestHttpMethod), " a letter") ``` ## `strings.split()` `strings.split(str: any, sep: string) -> [string]` Returns a list of substrings of `str` separated by `sep`. **Example:** ```kusto panther_logs.public.aws_alb | project ip_parts=strings.split(clientIp, ".") ``` ## `strings.starts_with()` `strings.starts_with(str: string, prefix: string) -> bool` Returns true if `str` starts with `prefix`. **Example:** ```kusto panther_logs.public.aws_alb | project targetingLoadBalancer=strings.starts_with(targetGroupArn, "arn:aws:elasticloadbalancing") ``` ## `strings.upper()` `strings.upper(str: string) -> string` Returns `str` converted to upper case. **Example:** ```kusto panther_logs.public.aws_alb | project bigDomain=strings.upper(domainName) ```