Extraction and parsing commands

parse

Parses a record field and puts the result(s) into one or more fields as specified in the pattern.

The parse command works in combination with the Dynatrace Pattern Language for parsing strings.

Syntax

| parse fieldName, pattern

To get started, a field is generated at runtime to demonstrate its functionality.

Example
```
1data record(content="117.169.75.66--[14/Mar/2016:23:34:25 +0200] GET//db/scripts/setup.php HTTP/1.1 404 474")
2| parse content, "IPV4:ip LD HTTPDATE:time ']' LD:text"
```
The result shows that the parsed fields are added to the previously present set of fields and can be used for further processing.

Query result

content Ip time text
117.169.75.66--[14/Mar/2016:23:34:25 +0200] GET//db/scripts/setup.php HTTP/1.1 404 474
117.169.75.66
14/03/2016, 22:34:25
GET//db/scripts/setup.php HTTP/1.1 404 474

content	Ip	time	text
`117.169.75.66--[14/Mar/2016:23:34:25 +0200] GET//db/scripts/setup.php HTTP/1.1 404 474`	`117.169.75.66`	`14/03/2016, 22:34:25`	`GET//db/scripts/setup.php HTTP/1.1 404 474`

Added fields override existing fields

In case of identical names, fields added by the parse command override the existing fields. When two identical field names are specified in the DQL statement, a warning "The field <fieldName> overrides an existing field." is returned.

Extraction and parsing commands

parse

Related topics