Scalar functions
String functions
| Function Name | Description |
|---|---|
| base64_encode_tostring() | Encodes a string as base64 string. |
| base64_decode_tostring() | Decodes a base64 string to a UTF-8 string. |
| countof() | Counts occurrences of a substring in a string. |
| countof_regex() | Counts occurrences of a substring in a string. Regex matches don't. |
| bin() | Rounds values down to an integer multiple of a given bin size. |
| bin_auto() | Rounds values down to a fixed-size "bin", with control over the bin size and starting point provided by a query property. |
| extract() | Get a match for a regular expression from a text string. |
| extract_all() | Get all matches for a regular expression from a text string. |
| indexof() | Function reports the zero-based index of the first occurrence of a specified string within input string. |
| isempty() | Returns true if the argument is an empty string or is null. |
| isnotempty() | Returns true if the argument isn't an empty string or a null. |
| isnotnull() | Returns true if the argument is not null. |
| isnull() | Evaluates its sole argument and returns a bool value indicating if the argument evaluates to a null value. |
| parse_ipv4() | Converts input to long (signed 64-bit) number representation. |
| parse_ipv4_mask() | Converts input string and IP-prefix mask to long (signed 64-bit) number representation. |
| parse_json() | Interprets a string as a JSON value) and returns the value as dynamic. |
| parse_url() | Parses an absolute URL string and returns a dynamic object contains all parts of the URL. |
| parse_urlquery() | Parses a url query string and returns a dynamic object contains the Query parameters. |
| replace() | Replace all regex matches with another string. |
| replace_regex() | Replaces all regex matches with another string. |
| replace_string() | Replaces all string matches with another string. |
| reverse() | Function makes reverse of input string. |
| split() | Splits a given string according to a given delimiter and returns a string array with the contained substrings. |
| strcat() | Concatenates between 1 and 64 arguments. |
| strcat_delim() | Concatenates between 2 and 64 arguments, with delimiter, provided as first argument. |
| strcmp() | Compares two strings. |
| strlen() | Returns the length, in characters, of the input string. |
| strrep() | Repeats given string provided number of times (default = 1). |
| substring() | Extracts a substring from a source string starting from some index to the end of the string. |
| toupper() | Converts a string to upper case. |
| trim() | Removes all leading and trailing matches of the specified cutset. |
| trim_regex() | Removes all leading and trailing matches of the specified regular expression. |
| trim_end() | Removes trailing match of the specified cutset. |
| trim_end_regex() | Removes trailing match of the specified regular expression. |
| trim_start() | Removes leading match of the specified regular expression. |
| trim_start_regex() | Removes leading match of the specified regular expression. |
| url_decode() | The function converts encoded URL into a regular URL representation. |
| url_encode() | The function converts characters of the input URL into a format that can be transmitted over the Internet. |
| now() | Returns the current UTC clock time, optionally offset by a given timespan. |
base64_encode_tostring()
Encodes a string as base64 string.
Arguments
- String: Input string or string field to be encoded as base64 string.
Returns
Returns the string encoded as base64 string.
- To decode base64 strings to UTF-8 strings, see base64_decode_tostring()
Example
base64_encode_tostring(string)
base64_decode_tostring()
Decodes a base64 string to a UTF-8 string.
Arguments
- String: Input string or string field to be decoded from base64 to UTF8-8 string.
Returns
Returns UTF-8 string decoded from base64 string.
- To encode strings to base64 string, see base64_encode_tostring()
Example
base64_decode_tostring(base64_string)
countof()
Counts occurrences of a substring in a string.
Arguments
| name | type | description |
|---|---|---|
| text source | string | Source to count your occurences from |
| search | string | The plain string to match inside source. |
Returns
The number of times that the search string can be matched.
Example
countof(search, text)
countof_regex()
Counts occurrences of a substring in a string. regex matches don't.
Arguments
- text source: A string.
- regex search: regular expression to match inside your text source.
Returns
The number of times that the search string can be matched in the dataset. Regex matches do not.
Example
countof_regex(regex, text)
bin()
Rounds values down to an integer multiple of a given bin size.
Used frequently in combination with summarize by. If you have a scattered set of values, they will be grouped into a smaller set of specific values
Arguments
- value: A number, date, or timespan.
- roundTo: The "bin size". A number or timespan that divides value.
Returns
The nearest multiple of roundTo below value.
Example
bin(value,roundTo)
bin_auto()
Rounds values down to a fixed-size "bin", with control over the bin size and starting point provided by a query property.
Arguments
- Expression: A scalar expression of a numeric type indicating the value to round.
Returns
The nearest multiple of query_bin_auto_at below Expression, shifted so that query_bin_auto_at will be translated into itself.
Example
bin_auto ( Expression )
extract()
Convert the extracted substring to the indicated type.
Arguments
| name | type | description |
|---|---|---|
| regex | expression | A regular expression. |
| captureGroup | string | A positive int constant indicating the capture group to extract. 0 stands for the entire match, 1 for the value matched by the first '('parenthesis')' in the regular expression, 2 or more for subsequent parentheses. |
| source | string | A string to search |
| typeLiteral | literal | A type literal (e.g., typeof(long)). If provided, the extracted substring is converted to this type. |
Returns
If regex finds a match in source: the substring matched against the indicated capture group captureGroup, optionally converted to typeLiteral.
If there's no match, or the type conversion fails: -1 or string error
Example
extract(regex, captureGroup, source [, typeLiteral])
extract_all()
retrieve a subset of matching groups.
Arguments
| name | type | description |
|---|---|---|
| regex | expression | A regular expression containing between one and 16 capture groups. Example of a valid regex: @"(\d+)". Example of an invalid regex: @"\d+" |
| captureGroups | array | A dynamic array constant that indicates the capture group to extract. Valid values are from 1 to the number of capturing groups in the regular expression. |
| source | string | A string to search |
Returns
- If regex finds a match in source: Returns dynamic array including all matches against the indicated capture groups captureGroups, or all of capturing groups in the regex.
- If number of captureGroups is 1: The returned array has a single dimension of matched values.
- If number of captureGroups is more than 1: The returned array is a two-dimensional collection of multi-value matches per captureGroups selection, or all capture groups present in the regex if captureGroups is omitted.
- If there's no match:
-1
Example
extract_all(regex, [captureGroups,] source)
indexof()
Reports the zero-based index of the first occurrence of a specified string within the input string.
Arguments
| name | type | description |
|---|---|---|
| source | string | Input string |
| lookup | string | String to look up |
| start_index | text | Search start position. |
| length | characters | Number of character positions to examine. A value of -1 means unlimited length. |
| occurence | number | The number of the occurrence. Default 1. |
Returns
Zero-based index position of lookup.
Returns -1 if the string isn't found in the input.
Examples
indexof(source,lookup[,start_index[,length[,occurrence]]])indexof ()
isempty()
Returns true if the argument is an empty string or is null.
Returns
Indicates whether the argument is an empty string or isnull.
Example
isempty([value])
isnotempty()
Returns true if the argument isn't an empty string, and it isn't null.
Example
isnotempty([value])notempty([value]) -- alias of isnotempty
isnotnull()
Returns true if the argument is not null.
Example
isnotnull([value])notnull([value]) - alias for `isnotnull`
isnull()
Evaluates its sole argument and returns a bool value indicating if the argument evaluates to a null value.
Returns
True or false, depending on whether or not the value is null.
Example
isnull(Expr)
parse_ipv4()
Converts IPv4 string to long (signed 64-bit) number representation.
Arguments
- Expr: String expression representing IPv4 that will be converted to long. String may include net-mask using IP-prefix notation.
Returns
If conversion is successful, the result will be a long number. If conversion isn't successful, the result will be null.
Example
parse_ipv4(Expr)
parse_ipv4_mask()
Converts the input string of IPv4 and netmask to long number representation (signed 64-bit).
Arguments
Expr:A string representation of the IPv4 address that will be converted to long.PrefixMask:An integer from 0 to 32 representing the number of most-significant bits that are taken into account.
Returns
If conversion is successful, the result will be a long number. If conversion isn't successful, the result will be null.
Example
parse_ipv4_mask(Expr, PrefixMask)
parse_json()
Interprets a string as a JSON value and returns the value as dynamic.
Arguments
json: An expression of type string. It represents a JSON-formatted value,
Returns
An object of type json that is determined by the value of json:
If json is of type string, and is a properly formatted JSON string, then the string is parsed, and the value produced is returned.
If json is of type string, but it isn't a properly formatted JSON string, then the returned value is an object of type dynamic that holds the original string value.
Example
parse_json(json)
parse_url()
Parses an absolute URL string and returns an object contains URL parts.
Arguments
- url: A string represents a URL or the query part of the URL.
Returns
An object of type dynamic that included the URL components: Scheme, Host, Port, Path, Username, Password, Query Parameters, Fragment.
Example
parse_url(url)
parse_urlquery()
Returns a dynamic object contains the Query parameters.
Arguments
query: A string represents a url query
Returns
An object of type dynamic that includes the query parameters.
Example
parse_urlquery(query)
replace()
Replace all regex matches with another string.
Arguments
- regex: The regular expression to search source. It can contain capture groups in '('parentheses')'.
- rewrite: The replacement regex for any match made by matchingRegex. Use \0 to refer to the whole match, \1 for the first capture group, \2 and so on for subsequent capture groups.
- source: A string.
Returns
- source after replacing all matches of regex with evaluations of rewrite. Matches do not overlap.
Example
replace(regex, rewrite, source)
replace_regex()
Replaces all regex matches with another string.
Arguments
- text: A string.
- regex: The regular expression to search text.
- rewrite: The replacement regex for any match made by matchingRegex.
Returns
source after replacing all matches of regex with evaluations of rewrite. Matches do not overlap.
Example
replace_regex(text,regex, rewrite)
replace_string()
Replaces all string matches with another string.
Arguments
- text: A string.
- lookup: A string to be replaced.
- rewrite: A replacement string.
Returns
text after replacing all matches of lookup with evaluations of rewrite. Matches do not overlap.
Example
replace_string(text, lookup, rewrite)
reverse()
Function reverses the order of the input Field.
Arguments
| name | type | description |
|---|---|---|
| Field | string | Field input value |
Returns
The reverse order of a field value.
Example
reverse(value)
split()
Splits a given string according to a given delimiter and returns a string array with the contained substrings.
Optionally, a specific substring can be returned if exists.
Arguments
- source: The source string that will be split according to the given delimiter.
- delimiter: The delimiter (Field) that will be used in order to split the source string.
Returns
- A string array that contains the substrings of the given source string that are delimited by the given delimiter.
Example
split(source, delimiter)
strcat()
Concatenates between 1 and 64 arguments.
If the arguments aren't of string type, they'll be forcibly converted to string.
Arguments
- argument1 ... argumentN: Expressions to be concatenated.
Returns
Arguments, concatenated to a single string.
Example
strcat(argument1, argument2[, argumentN])
strcat_delim()
Concatenates between 2 and 64 arguments, with delimiter, provided as first argument.
- If arguments aren't of string type, they'll be forcibly converted to string.
Arguments
- delimiter: string expression, which will be used as separator.
- argument1 ... argumentN: Expressions to be concatenated.
Returns
Arguments, concatenated to a single string with delimiter.
Example
strcat_delim(delimiter, argument1, argument2[ , argumentN])
strcmp()
Compares two strings.
The function starts comparing the first character of each string. If they are equal to each other, it continues with the following pairs until the characters differ or until the end of shorter string is reached.
Arguments
string1:first input string for comparison.string2:second input string for comparison.
Returns
Returns an integral value indicating the relationship between the strings:
- When the result is 0: The contents of both strings are equal.
- When the result is -1: the first character that does not match has a lower value in string1 than in string2.
- When the result is 1: the first character that does not match has a higher value in string1 than in string2.
Examples
strcmp(string1, string2)
strlen()
Returns the length, in characters, of the input string.
Arguments
- source: The source string that will be measured for string length.
Returns
Returns the length, in characters, of the input string.
Examples
strlen(source)
strrep()
Repeats given string provided amount of times.
- In case if first or third argument is not of a string type, it will be forcibly converted to string.
Arguments
- value: input expression
- multiplier: positive integer value (from 1 to 1024)
- delimiter: A string expression (default: empty string)
Returns
Value repeated for a specified number of times, concatenated with delimiter.
In case if multiplier is more than maximal allowed value (1024), input string will be repeated 1024 times.
Example
strrep(value,multiplier,[delimiter])
substring()
Extracts a substring from a source string starting from some index to the end of the string.
Arguments
- source: The source string that the substring will be taken from.
- startingIndex: The zero-based starting character position of the requested substring.
- length: A parameter that can be used to specify the requested number of characters in the substring.
Returns
A substring from the given string. The substring starts at startingIndex (zero-based) character position and continues to the end of the string or length characters if specified.
Example
substring(source, startingIndex [, length])
toupper()
Converts a string to upper case.
toupper("axiom") == "AXIOM"
trim()
Removes all leading and trailing matches of the specified cutset.
Arguments
- source: A string.
Returns
source after trimming matches of the cutset found in the beginning and/or the end of source.
Examples
trim(source)
trim_regex()
Removes all leading and trailing matches of the specified regular expression.
Arguments
- regex: String or regular expression to be trimmed from the beginning and/or the end of source.
- source: A string.
Returns
source after trimming matches of regex found in the beginning and/or the end of source.
Example
trim(regex, source)
trim_end()
Removes trailing match of the specified cutset.
Arguments
- source: A string.
Returns
source after trimming matches of the cutset found in the end of source.
Examples
trim_end(source)
trim_end_regex()
Removes trailing match of the specified regular expression.
Arguments
- regex: String or regular expression to be trimmed from the end of source.
- source: A string.
Returns
source after trimming matches of regex found in the end of source.
Example
trim_end(regex, source)
trim_start()
Removes leading match of the specified cutset.
Arguments
- source: A string.
Returns
- source after trimming match of the specified cutset found in the beginning of source.
Example
trim_start(source)
trim_start_regex()
Removes leading match of the specified regular expression.
Arguments
- regex: String or regular expression to be trimmed from the beginning of source.
- source: A string.
Returns
source after trimming match of regex found in the beginning of source.
Example
trim_start(regex, source)
url_decode()
The function converts encoded URL into a to regular URL representation.
Arguments
encoded url:encoded URL (string).
Returns
URL (string) in a regular representation.
Example
url_decode(encoded url)
url_encode()
The function converts characters of the input URL into a format that can be transmitted over the Internet.
Arguments
- url: input URL (string).
Returns
URL (string) converted into a format that can be transmitted over the Internet.
Example
url_encode(url)
now()
Returns the current UTC clock time, optionally offset by a given timespan. This function can be used multiple times in a statement and the clock time being referenced will be the same for all instances.
Arguments
- offset: A timespan, added to the current UTC clock time. Default: 0.
Returns
The current UTC clock time as a datetime.
Example
now([offset])
