String Functions
PantherFlow string functions
strings.cat()
strings.cat()strings.cat(str: string, str: string, ... ) -> string
Concatenates strings.
Example:
panther_logs.public.aws_alb
| project clientAddr=strings.cat(clientIp, ':', clientPort)strings.contains()
strings.contains()strings.contains(str: any, substr: string) -> bool
Returns true if str contains substr. If str is not a string, it is stringified first.
Example:
panther_logs.public.aws_alb
| project usingMozilla=strings.contains(userAgent, "Mozilla")strings.ends_with()
strings.ends_with()strings.ends_with(str: string, postfix: string) -> bool
Returns true if str ends with postfix.
Example:
panther_logs.public.aws_alb
| project usingSHA256=strings.ends_with(sslCipher, "SHA256")strings.ilike()
strings.ilike()strings.ilike(str: any, substr: string) -> bool
Returns true if str contains substr with SQL LIKE semantics ignoring case.
Example:
panther_logs.public.aws_alb
| project usingSHA=strings.ilike(sslCipher, "%sha%")strings.join()
strings.join()strings.join(elements: [string], sep: string) -> string
Returns elements joined together with sep between each element.
Example:
panther_logs.public.aws_alb
| project same=strings.join(strings.split(domainName, "."), ".")strings.len()
strings.len()strings.len(str: any) -> int
Returns the length of str. If str is not a string, it is stringified first.
Example:
panther_logs.public.aws_alb
| project keyLen=strings.len(p_source_file.aws_s3_key)strings.like()
strings.like()strings.like(str: any, substr: string) -> bool
Returns true if str contains substr with SQL LIKE semantics.
Example:
panther_logs.public.aws_alb
| project usingSHA=strings.like(sslCipher, "%SHA%")strings.lower()
strings.lower()strings.lower(str: string) -> string
Returns str converted to lower case.
Example:
panther_logs.public.aws_alb
| project action=strings.cat(strings.lower(requestHttpMethod), " a letter")strings.split()
strings.split()strings.split(str: any, sep: string) -> [string]
Returns a list of substrings of str separated by sep.
Example:
panther_logs.public.aws_alb
| project ip_parts=strings.split(clientIp, ".")strings.starts_with()
strings.starts_with()strings.starts_with(str: string, prefix: string) -> bool
Returns true if str starts with prefix.
Example:
panther_logs.public.aws_alb
| project targetingLoadBalancer=strings.starts_with(targetGroupArn, "arn:aws:elasticloadbalancing")strings.upper()
strings.upper()strings.upper(str: string) -> string
Returns str converted to upper case.
Example:
panther_logs.public.aws_alb
| project bigDomain=strings.upper(domainName)Last updated
Was this helpful?