Rediger

Del via


matches regex operator

Applies to: ✅ Microsoft FabricAzure Data ExplorerAzure MonitorMicrosoft Sentinel

Filters a record set based on a case-sensitive regular expression value.

For more information about other operators and to determine which operator is most appropriate for your query, see datatype string operators.

Note

Performance depends on the type of search and the structure of the data. For best practices, see Query best practices.

Syntax

T | where col matches regex (expression)

Learn more about syntax conventions.

Parameters

Name Type Required Description
T string ✔️ The tabular input whose records are to be filtered.
col string ✔️ The column by which to filter.
expression scalar ✔️ The regular expression regex.md used to filter. The maximum number of regex groups is 16. For more information about the regex syntax supported by Kusto, see regular expression.

Returns

Rows in T for which the predicate is true.

Example

StormEvents
| summarize event_count=count() by State
| where State matches regex "K.*S"
| where event_count > 10
| project State, event_count

Output

State event_count
KANSAS 3166
ARKANSAS 1028
LAKE SUPERIOR 34
LAKE ST CLAIR 32