matches regex operator
Applies to: ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
Filters a record set based on a case-sensitive regular expression value.
For more information about other operators and to determine which operator is most appropriate for your query, see datatype string operators.
Note
Performance depends on the type of search and the structure of the data. For best practices, see Query best practices.
Syntax
T |
where
col matches
regex
(
expression)
Learn more about syntax conventions.
Parameters
Name | Type | Required | Description |
---|---|---|---|
T | string |
✔️ | The tabular input whose records are to be filtered. |
col | string |
✔️ | The column by which to filter. |
expression | scalar | ✔️ | The regular expression regex.md used to filter. The maximum number of regex groups is 16. For more information about the regex syntax supported by Kusto, see regular expression. |
Returns
Rows in T for which the predicate is true
.
Example
StormEvents
| summarize event_count=count() by State
| where State matches regex "K.*S"
| where event_count > 10
| project State, event_count
Output
State | event_count |
---|---|
KANSAS | 3166 |
ARKANSAS | 1028 |
LAKE SUPERIOR | 34 |
LAKE ST CLAIR | 32 |