Simple Functions and Operators
Searches and queries can perform calculations on event data.
These built-in functions and operators work with individual values. See Aggregate Functions for information on functions like count()
and distinct()
that work with sets of values.
Arrived(eventId)
Arrived(eventId)
Evaluates to the arrival order encoded in eventId
. The arrival order is a hint that preserves the order of events from the same source that have the same timestamp. If any argument is null
, the result is undefined.
Result type: number
Coalesce(arg0, arg1, ...)
Coalesce(arg0, arg1, ...)
Evaluates to the first defined, non-null argument. If no argument meets this requirement, the evaluates to the value of the last argument.
Result type: any
Concat(str0, str1, ...)
Concat(str0, str1, ...)
Concatenate all string arguments. No type coercion is performed: the result is undefined if any argument is not a string. If any argument is null
, the result is undefined.
Result type: any
Contains(text, substring)
Contains(text, substring)
Evaluates to true
if text
contains substring
. Accepts a /regular expression/
in place of substring
. If any argument is null
, the result is undefined.
Result type: bool
Supports the ci
modifier?: Yes
DatePart(datetime, part, offset)
DatePart(datetime, part, offset)
Compute the value of part
for the date/time datetime
at time zone offset offset
. Both datetime
and offset
are 100-nanosecond tick values. If part
is not a string, or not a recognized part name, the result is undefined. See the documentation section on date and time handling for more information. If any argument is null
, the result is undefined.
Result type: number
Example
DatePart(Now(), 'weekday', OffsetIn('Australia/Brisbane', Now()))
DateTime(str)
DateTime(str)
Attempt to parse the date/time value encoded in the string str
. If the value cannot be parsed as a date/time, the result is undefined. If any argument is null
, the result is undefined.
Result type: number
ElementAt(collection, index)
ElementAt(collection, index)
Access the element of the array or object collection
at the index or key index
. If any argument is null
, the result is undefined.
Result type: any
Supports the ci
modifier?: Yes
EndsWith(text, substring)
EndsWith(text, substring)
Evaluates to true
if text
ends with substring
. Accepts a /regular expression/
in place of substring
. If any argument is null
, the result is undefined.
Result type: bool
Supports the ci
modifier?: Yes
Every(collection, predicate)
Every(collection, predicate)
Evaluates to true
if the function predicate
evaluates to true
for all elements of the array or object collection
. If any argument is null
, the result is undefined.
Result type: bool
Example
Every(['0.1', '0.1-pre'], |tag| StartsWith(tag, '0.'))
FromJson(json)
FromJson(json)
Parse the JSON-encoded string json
. If json
is not a string, or is not valid JSON, the result is undefined. This function has a high runtime cost and should be avoided when possible. If any argument is null
, the result is undefined.
Result type: any
Has(arg)
Has(arg)
Evaluates to true
if arg
is defined. Otherwise, if arg
is undefined, the result is false
.
Result type: bool
IndexOf(text, substring)
IndexOf(text, substring)
Return the zero-based index of the first occurrence of substring
in text
. Accepts a /regular expression/
in place of substring
. If substring
is not present in text
, the result is -1. If any argument is null
, the result is undefined.
Result type: number
Supports the ci
modifier?: Yes
Keys(obj)
Keys(obj)
Evaluates to an array containing the keys of the object obj
. The result is undefined if obj
is not an object. If any argument is null
, the result is undefined.
Result type: array
LastIndexOf(text, substring)
LastIndexOf(text, substring)
Return the zero-based index of the last occurrence of substring
in text
. Accepts a /regular expression/
in place of substring
. If substring
is not present in text
, the result is -1. If any argument is null
, the result is undefined.
Result type: number
Supports the ci
modifier?: Yes
Length(arg)
Length(arg)
Evaluates to the length of the string or array arg
. If any argument is null
, the result is undefined.
Result type: number
Now()
Now()
Evaluates to the current time, as 100-nanosecond ticks since 00:00:00 on 0001-01-01. If any argument is null
, the result is undefined.
Result type: number
OffsetIn(timezone, instant)
OffsetIn(timezone, instant)
Determine the offset from UTC in time zone timezone
at instant instant
. The time zone name must be an IANA time zone name. The instant
value is specified in 100-nanosecond ticks. See the documentation section on date and time handling for more information. If any argument is null
, the result is undefined.
Result type: number
Example
OffsetIn('Australia/Brisbane', Now())
Round(value, places)
Round(value, places)
Round value
to specified number of decimal places. Midpoint values (0.5) are rounded up. If any argument is non-numeric, the result is undefined.
Result type: number
Example
// Evaluates to 123.5
Round(123.456, 1)
Some(collection, predicate)
Some(collection, predicate)
Evaluates to true
if the function predicate
evaluates to true
for any element of the array or object collection
. If any argument is null
, the result is undefined.
Result type: bool
Example
Some(['0.1', '0.1-pre'], |tag| EndsWith(tag, '-pre'))
StartsWith(text, substring)
StartsWith(text, substring)
Evaluates to true
if text
starts with substring
. Accepts a /regular expression/
in place of substring
. If any argument is null
, the result is undefined.
Result type: bool
Supports the ci
modifier?: Yes
Substring(str, start, length)
Substring(str, start, length)
Evaluates to the substring of string str
from the zero-based index start
, of length
characters. If length
is not specified, or exceeds the number of characters remaining after start
, the result is the remainder of the string. The result is undefined if start is out of bounds, or if either start
or length
is negative. If any argument is undefined, the result is undefined.
Result type: any
TimeOfDay(datetime, offsetHours)
TimeOfDay(datetime, offsetHours)
Compute the time of day of the date/time datetime
in the time zone offset offsetHours
. If any argument is non-numeric, the result is undefined.
Result type: number
Example
TimeOfDay(Now(), -7)
TimeSpan(str)
TimeSpan(str)
Attempt to parse the time value encoded in the string str
. If the value cannot be parsed as a time, the result is undefined. If any argument is null
, the result is undefined.
Result type: number
Example
TimeSpan('12:34.56')
ToEventType(str)
ToEventType(str)
Compute the event type that Seq automatically assigns to @EventType
from the message template str
. If any argument is null
, the result is undefined.
Result type: any
ToHexString(num)
ToHexString(num)
Format num
as a hexadecimal string, including leading 0x
. Decimal digits are discarded. If any argument is non-numeric, the result is undefined.
Result type: string
ToIsoString(datetime, offset)
ToIsoString(datetime, offset)
Format datetime
as an ISO-8601 string, with an optional time zone offset. Both the datetime and offset arguments are interpreted as 100-nanosecond ticks since the epoch. If any argument is non-numeric, the result is undefined. The offset argument defaults to 0, or UTC. Output is given with the UTC or full time zone designator, i.e. Z
or ±hh:mm
. If any argument is non-numeric, the result is undefined.
Result type: string
ToJson(arg)
ToJson(arg)
Convert the value arg
to JSON. If any argument is undefined, the result is undefined. Can be used to convert a value (e.g. number) to a string.
Result type: string
ToLower(str)
ToLower(str)
Convert string str
to lowercase. To compare strings in a case-insensitive manner, use the equality operator and ci
modifier instead. The result is undefined if str
is not a string. If any argument is null
, the result is undefined.
Result type: string
ToNumber(str)
ToNumber(str)
Parse string str
as a number. If any argument is null
, the result is undefined.
Result type: number
TotalMilliseconds(timespan)
TotalMilliseconds(timespan)
Evaluates to the total number of milliseconds represented by the time span timespan
. If timespan
is a number, it will be interpreted as containing 100-nanosecond ticks. If timespan
is a string, it will be parsed in the same manner as performed by TimeSpan()
. If any argument is null
, the result is undefined.
Result type: number
ToTimeString(timespan)
ToTimeString(timespan)
Format timespan
as an d.HH:mm:ss.f
string. The timespan
argument is interpreted as 100-nanosecond ticks. If any argument is non-numeric, the result is undefined.
Result type: string
ToUpper(str)
ToUpper(str)
Convert string str
to uppercase. To compare strings in a case-insensitive manner, use the equality operator and ci
modifier instead. The result is undefined if str
is not a string. If any argument is null
, the result is undefined.
Result type: string
TypeOf(arg)
TypeOf(arg)
Returns the type of value
, either 'object'
, 'array'
, 'string'
, 'number'
, 'bool'
, 'null'
, or 'undefined'
.
Result type: string
Values(obj)
Values(obj)
Evaluates to an array containing the values of the members of object obj
. The result is undefined if obj
is not an object. If any argument is null
, the result is undefined.
Result type: array
Operator -
-
Subtract one number from another. If any argument is non-numeric, the result is undefined.
Result type: number
Operator -
(prefix)
-
(prefix)Negate a number. If any argument is non-numeric, the result is undefined.
Result type: number
Operator *
*
Multiply two numbers. If any argument is non-numeric, the result is undefined.
Result type: number
Operator /
/
Divide one number by another. If the right-hand operand is zero, the result is undefined. If any argument is non-numeric, the result is undefined.
Result type: number
Operator %
%
Compute the remainder after dividing the left-hand operand by the right. If the right-hand operand is zero, the result is undefined. If any argument is non-numeric, the result is undefined.
Result type: number
Operator ^
^
Raise a number to the specified power. If any argument is non-numeric, the result is undefined.
Result type: number
Operator +
+
Add two numbers. If any argument is non-numeric, the result is undefined.
Result type: number
Operator <
<
Compare two numbers and return true
if the left-hand operand is less than the right-hand operand. If any argument is non-numeric, the result is undefined.
Result type: bool
Operator <=
<=
Compare two numbers and return true
if the left-hand operand is less than or equal to the right-hand operand. If any argument is non-numeric, the result is undefined.
Result type: bool
Operator <>
<>
Compare two values, returning true
if the values are unequal, and false
otherwise. Structural comparison is supported, so the values may be of any type including objects and arrays. If the right-hand operand is a /regular expression/
, the result is true
if the left-hand operand is a string that is an exact match for the regular expression. If any argument is undefined, the result is undefined.
Result type: any
Supports the ci
modifier?: Yes
Operator =
=
Compare two values, returning true
if the values are equal, and false
otherwise. Structural comparison is supported, so the values may be of any type including objects and arrays. If any argument is undefined, the result is undefined.
Result type: any
Supports the ci
modifier?: Yes
Operator >
>
Compare two numbers and return true
if the left-hand operand is greater than the right-hand operand. If any argument is non-numeric, the result is undefined.
Result type: bool
Operator >=
>=
Compare two numbers and return true
if the left-hand operand is greater than or equal to the right-hand operand. If any argument is non-numeric, the result is undefined.
Result type: bool
Operator and
and
The logical AND operator. The result of a and b
is true
if and only if both a
and b
are true
; the result is otherwise false
. Type coercion is not performed. If any argument is non-Boolean, the result is undefined.
Result type: bool
Operator not
(prefix)
not
(prefix)Logical NOT. Evaluates to true
only if the operand is false
, or if the operand is undefined. Type coercion is not performed. If any argument is non-Boolean, the result is undefined.
Result type: bool
Operator or
or
The logical OR operator. The result of a or b
is true
if either a
or b
is true; otherwise the result is false
. Type coercion is not performed. If any argument is non-Boolean, the result is undefined.
Result type: bool
Updated over 1 year ago