Skip to content

select_matching

Selects top-level fields from a record when their names match a regular expression.

select_matching(x:record, regex:string) -> record

Description

Section titled “Description”

The select_matching function returns a record with every top-level field from x whose field name matches regex.

Matching is partial by default. Use ^ and $ anchors to match whole field names or prefixes. The function does not recurse into nested records; call it on the nested record if you want to select fields there.

The supported regular expression syntax is RE2.

x: record

Section titled “x: record”

The record whose fields you want to filter.

regex: string

Section titled “regex: string”

The regular expression to match against field names.

Examples

Section titled “Examples”

Select fields by prefix

Section titled “Select fields by prefix”
from {
  src_ip: 1.2.3.4,
  src_port: 443,
  dst_ip: 5.6.7.8,
  dst_port: 80,
  proto: "tcp",
}
select endpoints = this.select_matching("^(src|dst)_")
{
  endpoints: {
    src_ip: 1.2.3.4,
    src_port: 443,
    dst_ip: 5.6.7.8,
    dst_port: 80,
  },
}

Select fields by suffix

Section titled “Select fields by suffix”
from {
  user_id: "u-123",
  session_id: "s-456",
  message: "login",
}
select identifiers = this.select_matching("_id$")
{
  identifiers: {
    user_id: "u-123",
    session_id: "s-456",
  },
}

See Also

Section titled “See Also”

Last updated: