log_template_regex
Generates a regex pattern that matches log lines with the same structural template. Variable tokens (numbers, UUIDs, IPs, hex, quoted strings) are replaced with regex wildcards while literal text is preserved. The output is designed for use with `matches regex` to leverage bloom filter optimization.
Syntax
log_template_regex(source)

See Regex Syntax for the full regular expression reference.
Parameters
Prop
Type
Returns: string
Examples
Example 1
print log_template_regex("raid on monastery 793 from 10.0.0.1")

| print_0 (string) |
|---|
| ^raid on monastery \d+(?:.\d+)?(?:[eE][+-]?\d+)? from \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}$ |
log_template_id
Returns a stable 16-character hex string identifying the structural log template of the input line. Equivalent to formatting the output of log_template_hash as zero-padded lowercase hex — small enough to store on rows as an indexed attribute, large enough to make per-template groupings collision-free for log volumes encountered in practice.
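The templating behind log_template_regex and log_template_id can be approximated in Python as below; this is an added example, not the product's implementation, and it does not reproduce the product's exact output. The token rules, the function names `template_regex` and `template_id`, and the BLAKE2b hash are assumptions, and the sample lines are constructed.

```python
import hashlib
import re

# Variable-token classes, most specific first so a UUID or IP is not consumed
# piecemeal by the number rule: (name, pattern to find, wildcard to emit).
# These rules are assumptions for illustration, not the product's own.
TOKEN_CLASSES = [
    ("uuid", r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}",
             r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"),
    ("ip",   r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])", r"\d{1,3}(?:\.\d{1,3}){3}"),
    ("hex",  r"\b0[xX][0-9a-fA-F]+\b", r"0[xX][0-9a-fA-F]+"),
    ("str",  r'"[^"]*"', r'"[^"]*"'),
    ("num",  r"(?<![\w.])\d+(?:\.\d+)?(?![\w.])", r"\d+(?:\.\d+)?"),
]
SCANNER = re.compile("|".join(f"(?P<{n}>{p})" for n, p, _ in TOKEN_CLASSES))
WILDCARD = {n: w for n, _, w in TOKEN_CLASSES}


def template_regex(line: str) -> str:
    """Anchored regex matching every line that shares `line`'s template."""
    out, pos = ["^"], 0
    for m in SCANNER.finditer(line):
        # Literal text is escaped so metacharacters that appear in the log
        # line (e.g. ".*" typed into a username) stay literal in the pattern.
        out.append(re.escape(line[pos:m.start()]))
        out.append(WILDCARD[m.lastgroup])
        pos = m.end()
    out.append(re.escape(line[pos:]) + "$")
    return "".join(out)


def template_id(line: str) -> str:
    """16-character lowercase hex ID: a 64-bit digest of the template.
    BLAKE2b is a stand-in; the product's hash function is not documented here."""
    return hashlib.blake2b(template_regex(line).encode(), digest_size=8).hexdigest()


if __name__ == "__main__":
    # Constructed sample lines: the first two share a template, the third does not.
    for sample in ("raid on monastery 793 from 10.0.0.1",
                   "raid on monastery 841 from 192.168.4.20",
                   "raid on abbey 793 from 10.0.0.1"):
        print(template_id(sample), template_regex(sample))
```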
current_table
Returns the table name for the current row. Used internally by the search operator.