Template

An example article for functions.

formatTimestamp

Formats a given timestamp as a string according to a given formatting pattern.

Timestamps according to the ISO 8601 standard can be parsed and converted to the timestamp datatype.

The function uses the Java DateTimeFormatter and supports the following formatting patterns and symbols.

Syntax

formatTimestamp(<timestamp> [, interval: <interval>] [, format: <format>])

TBD. Details about the syntax description here. (Included as snippet)

Parameters

| Parameter | Type | Description | Required |
|---|---|---|---|
| timestamp | timestamp | The timestamp to be formatted. | required |
| interval | duration | The granularity of the formatted timestamp. The default is: 1 ns. | optional |
| format | string | The formatting pattern. The default is: YYYY-MM-dd.... | optional |

Returns

The function returns the timestamp formatted according to the formatting pattern format. The data type of the returned value is string.

Examples

Example 1

data record(timestamp = toTimestamp("2019-08-01T09:30:00.000-0400"))
| fieldsAdd formatted = formatTimestamp(timestamp, format:"MM-dd-YYYY"),
year = formatTimestamp(timestamp, format:"Y"),
month = formatTimestamp(timestamp, format:"M"),
week = formatTimestamp(timestamp, format:"w"),
dayofWeek = formatTimestamp(timestamp, format:"E"),
hour = formatTimestamp(timestamp, format:"H")

Query result:

| timestamp | formatted | year | month | week | dayofWeek | hour |
|---|---|---|---|---|---|---|
| 2019-08-01T13:30:00.000Z | 08-01-2019 | 2019 | 8 | 31 | Thu | 13 |

matchesValue

Searches records for a specific value in a given attribute.

Syntax

matchesValue(<expression>, <value> [, caseSensitive: <caseSensitive>])

TBD. Details about the syntax description here. (Included as snippet)

Parameters

| Parameter | Type | Description | Required |
|---|---|---|---|
| expression | string, array | The expression (string or array of strings) that should be checked. | required |
| value | string | The value to search for using patterns. | required |
| caseSensitive | boolean | Whether the match is case-sensitive. | optional |

Returns

The function returns true if the search pattern value is found in the string expression, and false otherwise. The data type of the returned value is boolean.

Examples

Example 1: Case sensitivity

Values are matched case-insensitively by default:

data record(content = "User 'käärmanü' failed to login from 192.168.0.1")
| fieldsAdd matchesValue(content, "User*"),
matchesValue(content, "user*"),
matchesValue(content, "user*", caseSensitive: true)

Query result:

| content | matchesValue(content, "User*") | matchesValue(content, "user*") | matchesValue(content, "user*", caseSensitive:TRUE) |
|---|---|---|---|
| User 'käärmanü' failed to login from 192.168.0.1 | true | true | false |

Example 2: Position dependence

Values are matched from the beginning. To match parts of the value, use * as a wildcard symbol:

data record(content = "User 'käärmanü' failed to login from 192.168.0.1")
| fieldsAdd matchesValue(content, "192.168.0.1"),
matchesValue(content, "*192.168.0.1"),
matchesValue(content, "*failed to log*")

Query result:

| content | matchesValue(content, "192.168.0.1") | matchesValue(content, "*192.168.0.1") | matchesValue(content, "*failed to log*") |
|---|---|---|---|
| User 'käärmanü' failed to login from 192.168.0.1 | false | true | true |

Example 3: Matching of non-ASCII characters

Only ASCII characters are matched case-insensitively:

data record(content = "Österreich")
| fieldsAdd matchesValue(content, "österreich"),
matchesValue(content, "Österreich")

Query result:

| content | matchesValue(content, "österreich") | matchesValue(content, "Österreich") |
|---|---|---|
| Österreich | false | true |

Example 4: Matching of arrays

The function handles array values in an "any-match" manner:

data record(technologies = array("Java11", "java17"))
| fieldsAdd matchesValue(technologies, "Java11"),
matchesValue(technologies, "java"),
matchesValue(technologies, "java*")

Query result:

| technologies | matchesValue(technologies, "Java11") | matchesValue(technologies, "java") | matchesValue(technologies, "java*") |
|---|---|---|---|
| [Java11, java17] | true | false | true |
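
The matching rules shown in Examples 1 to 4, modelled in Python so that a filter pattern can be checked against sample log lines before it is relied on for alerting. This is an added example, not part of the original article and not the product's implementation; matches_value, hits and SAMPLE are hypothetical names, and the model assumes * is only interpreted as the first or last character of the pattern.

```python
import string

# ASCII-only case folding: A-Z map to a-z; non-ASCII letters such as "Ö" are untouched.
_ASCII_FOLD = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)


def matches_value(expression, value, case_sensitive=False):
    """Model of the matchesValue results documented above (hypothetical helper)."""
    # Arrays are handled in "any-match" manner: one matching element is enough.
    if isinstance(expression, (list, tuple)):
        return any(matches_value(e, value, case_sensitive) for e in expression)
    if not case_sensitive:
        expression = expression.translate(_ASCII_FOLD)
        value = value.translate(_ASCII_FOLD)
    # Assumption: "*" is a wildcard only at the start and/or end of the pattern.
    leading = value.startswith("*")
    trailing = value.endswith("*") and len(value) > 1
    start = 1 if leading else 0
    end = len(value) - 1 if trailing else len(value)
    core = value[start:end]
    if leading and trailing:
        return core in expression           # "*text*": text anywhere
    if leading:
        return expression.endswith(core)    # "*text": text at the end
    if trailing:
        return expression.startswith(core)  # "text*": text at the beginning
    return expression == core               # no wildcard: whole value must match


# Constructed sample lines (not from the article) for trying out a filter pattern.
SAMPLE = [
    "User 'käärmanü' failed to login from 192.168.0.1",
    "user 'admin' FAILED to login from 10.0.0.7",
    "ÜBERWACHUNG: login failed",
]


def hits(pattern, lines=SAMPLE, case_sensitive=False):
    """Return the lines that the pattern would select."""
    return [line for line in lines if matches_value(line, pattern, case_sensitive)]


if __name__ == "__main__":
    for pattern in ("failed to login", "*failed to login*", "überwachung*"):
        print(pattern, "->", hits(pattern))
```

A pattern without wildcards selects nothing here because it must equal the whole value, and the lowercase "überwachung*" misses the third line because "Ü" is not folded.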