Regular Expression Functions

PantherFlow regular expression functions

PantherFlow is in open beta starting with Panther version 1.110, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.

`re.count()`

re.count(stringable: any, regex: string) -> int

Returns the number of times that regex occurs in stringable, or null if any value is null.

Example:

panther_logs.public.aws_alb
| project tripleDigitBlocks=re.count(clientIp, "[0-9][0-9][0-9]")

`re.matches()`

re.matches(stringable: any, regex: string) -> bool

Returns true if stringable matches the regular expression regex.

Example:

panther_logs.public.aws_alb
| project inCidr=re.matches(clientIp, '^192\\.168\\.1\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[0-9]{1,2})$'), clientIp

`re.replace()`

re.replace(stringable: any, regex: string, replacement: string) -> string

Returns stringable with the specified pattern regex (or all occurrences of the pattern) either removed or replaced by replacement, or null if any value is null.

Example:

panther_logs.public.aws_alb
| project traceId=re.replace(connTraceId, "^(TID_)", "")

`re.substr()`

re.substr(stringable: any, regex: string) -> string

Returns the first substring that matches regex within stringable, or null if any value is null.

Example:

panther_logs.public.aws_alb
| project tripleDigitBlocks=re.substr(clientIp, "[0-9][0-9][0-9]")

PreviousControl Flow Functions NextSnowflake Functions

Last updated 4 months ago

Was this helpful?

Regular Expression Functions

PantherFlow regular expression functions

PantherFlow is in open beta starting with Panther version 1.110, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.

`re.count()`

re.count(stringable: any, regex: string) -> int

Returns the number of times that regex occurs in stringable, or null if any value is null.

Example:

panther_logs.public.aws_alb
| project tripleDigitBlocks=re.count(clientIp, "[0-9][0-9][0-9]")

`re.matches()`

re.matches(stringable: any, regex: string) -> bool

Returns true if stringable matches the regular expression regex.

Example:

panther_logs.public.aws_alb
| project inCidr=re.matches(clientIp, '^192\\.168\\.1\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[0-9]{1,2})$'), clientIp

`re.replace()`

re.replace(stringable: any, regex: string, replacement: string) -> string

Returns stringable with the specified pattern regex (or all occurrences of the pattern) either removed or replaced by replacement, or null if any value is null.

Example:

panther_logs.public.aws_alb
| project traceId=re.replace(connTraceId, "^(TID_)", "")

`re.substr()`

re.substr(stringable: any, regex: string) -> string

Returns the first substring that matches regex within stringable, or null if any value is null.

Example:

panther_logs.public.aws_alb
| project tripleDigitBlocks=re.substr(clientIp, "[0-9][0-9][0-9]")

PreviousControl Flow Functions NextSnowflake Functions

Last updated 4 months ago

Was this helpful?