String Functions

PantherFlow string functions

PantherFlow is in open beta starting with Panther version 1.110, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.

`strings.cat()`

strings.cat(str: string, str: string, ... ) -> string

Concatenates strings.

Example:

panther_logs.public.aws_alb
| project clientAddr=strings.cat(clientIp, ':', clientPort)

`strings.contains()`

strings.contains(str: any, substr: string) -> bool

Returns true if str contains substr. If str is not a string, it is stringified first.

Example:

panther_logs.public.aws_alb
| project usingMozilla=strings.contains(userAgent, "Mozilla")

`strings.ends_with()`

strings.ends_with(str: string, postfix: string) -> bool

Returns true if str ends with postfix.

Example:

panther_logs.public.aws_alb
| project usingSHA256=strings.ends_with(sslCipher, "SHA256")

`strings.ilike()`

strings.ilike(str: any, substr: string) -> bool

Returns true if str contains substr with SQL LIKE semantics ignoring case.

Example:

panther_logs.public.aws_alb
| project usingSHA=strings.ilike(sslCipher, "%sha%")

`strings.join()`

strings.join(elements: [string], sep: string) -> string

Returns elements joined together with sep between each element.

Example:

panther_logs.public.aws_alb
| project same=strings.join(strings.split(domainName, "."), ".")

`strings.len()`

strings.len(str: any) -> int

Returns the length of str. If str is not a string, it is stringified first.

Example:

panther_logs.public.aws_alb
| project keyLen=strings.len(p_source_file.aws_s3_key)

`strings.like()`

strings.like(str: any, substr: string) -> bool

Returns true if str contains substr with SQL LIKE semantics.

Example:

panther_logs.public.aws_alb
| project usingSHA=strings.like(sslCipher, "%SHA%")

`strings.lower()`

strings.lower(str: string) -> string

Returns str converted to lower case.

Example:

panther_logs.public.aws_alb
| project action=strings.cat(strings.lower(requestHttpMethod), " a letter")

`strings.split()`

strings.split(str: any, sep: string) -> [string]

Returns a list of substrings of str separated by sep.

Example:

panther_logs.public.aws_alb
| project ip_parts=strings.split(clientIp, ".")

`strings.starts_with()`

strings.starts_with(str: string, prefix: string) -> bool

Returns true if str starts with prefix.

Example:

panther_logs.public.aws_alb
| project targetingLoadBalancer=strings.starts_with(targetGroupArn, "arn:aws:elasticloadbalancing")

`strings.upper()`

strings.upper(str: string) -> string

Returns str converted to upper case.

Example:

panther_logs.public.aws_alb
| project bigDomain=strings.upper(domainName)

PreviousDate/time Functions NextArray Functions

Last updated 2 months ago

Was this helpful?