These docs are for v2024.1. The latest docs are for v2024.3.

Simple Functions and Operators

Searches and queries can perform calculations on event data.

These built-in functions and operators work with individual values. See Aggregate Functions for information on functions like count() and distinct() that work with sets of values.

Arrived(eventId)

Evaluates to the arrival order encoded in eventId. The arrival order is a hint that preserves the order of events from the same source that have the same timestamp. If any argument is null, the result is undefined.

Result type: number

Coalesce(arg0, arg1, ...)

Evaluates to the first defined, non-null argument. If no argument meets this requirement, the expression evaluates to the value of the last argument.

Result type: any

Concat(str0, str1, ...)

Concatenate all string arguments. No type coercion is performed: the result is undefined if any argument is not a string. If any argument is null, the result is undefined.

Result type: any

Contains(text, substring)

Evaluates to true if text contains substring. Accepts a /regular expression/ in place of substring. If any argument is null, the result is undefined.

Result type: bool
Supports the ci modifier?: Yes

DatePart(datetime, part, offset)

Compute the value of part for the date/time datetime at time zone offset offset. Both datetime and offset are 100-nanosecond tick values. If part is not a string, or not a recognized part name, the result is undefined. See the documentation section on date and time handling for more information. If any argument is null, the result is undefined.

Result type: number

Example

DatePart(Now(), 'weekday', OffsetIn('Australia/Brisbane', Now()))

DateTime(str)

Attempt to parse the date/time value encoded in the string str. If the value cannot be parsed as a date/time, the result is undefined. If any argument is null, the result is undefined.

Result type: number

ElementAt(collection, index)

Access the element of the array or object collection at the index or key index. If any argument is null, the result is undefined.

Result type: any
Supports the ci modifier?: Yes

EndsWith(text, substring)

Evaluates to true if text ends with substring. Accepts a /regular expression/ in place of substring. If any argument is null, the result is undefined.

Result type: bool
Supports the ci modifier?: Yes

Every(collection, predicate)

Evaluates to true if the function predicate evaluates to true for all elements of the array or object collection. If any argument is null, the result is undefined.

Result type: bool

Example

Every(['0.1', '0.1-pre'], |tag| StartsWith(tag, '0.'))

FromJson(json)

Parse the JSON-encoded string json. If json is not a string, or is not valid JSON, the result is undefined. This function has a high runtime cost and should be avoided when possible. If any argument is null, the result is undefined.

Result type: any

Has(arg)

Evaluates to true if arg is defined. Otherwise, if arg is undefined, the result is false.

Result type: bool

IndexOf(text, substring)

Return the zero-based index of the first occurrence of substring in text. Accepts a /regular expression/ in place of substring. If substring is not present in text, the result is -1. If any argument is null, the result is undefined.

Result type: number
Supports the ci modifier?: Yes

Keys(obj)

Evaluates to an array containing the keys of the object obj. The result is undefined if obj is not an object. If any argument is null, the result is undefined.

Result type: array

LastIndexOf(text, substring)

Return the zero-based index of the last occurrence of substring in text. Accepts a /regular expression/ in place of substring. If substring is not present in text, the result is -1. If any argument is null, the result is undefined.

Result type: number
Supports the ci modifier?: Yes

Length(arg)

Evaluates to the length of the string or array arg. If any argument is null, the result is undefined.

Result type: number

Now()

Evaluates to the current time, as 100-nanosecond ticks since 00:00:00 on 0001-01-01. If any argument is null, the result is undefined.

Result type: number

OffsetIn(timezone, instant)

Determine the offset from UTC in time zone timezone at instant instant. The time zone name must be an IANA time zone name. The instant value is specified in 100-nanosecond ticks. See the documentation section on date and time handling for more information. If any argument is null, the result is undefined.

Result type: number

Example

OffsetIn('Australia/Brisbane', Now())

Round(value, places)

Round value to the specified number of decimal places. Midpoint values (0.5) are rounded up. If any argument is non-numeric, the result is undefined.

Result type: number

Example

// Evaluates to 123.5
Round(123.456, 1)

Some(collection, predicate)

Evaluates to true if the function predicate evaluates to true for any element of the array or object collection. If any argument is null, the result is undefined.

Result type: bool

Example

Some(['0.1', '0.1-pre'], |tag| EndsWith(tag, '-pre'))

StartsWith(text, substring)

Evaluates to true if text starts with substring. Accepts a /regular expression/ in place of substring. If any argument is null, the result is undefined.

Result type: bool
Supports the ci modifier?: Yes

Substring(str, start, length)

Evaluates to the substring of string str from the zero-based index start, of length characters. If length is not specified, or exceeds the number of characters remaining after start, the result is the remainder of the string. The result is undefined if start is out of bounds, or if either start or length is negative. If any argument is undefined, the result is undefined.

Result type: any

TimeOfDay(datetime, offsetHours)

Compute the time of day of the date/time datetime in the time zone offset offsetHours. If any argument is non-numeric, the result is undefined.

Result type: number

Example

TimeOfDay(Now(), -7)

TimeSpan(str)

Attempt to parse the d.HH:mm:ss.f formatted time value encoded in the string str. If the value cannot be parsed as a time, the result is undefined. If any argument is null, the result is undefined.

Result type: number

Example

TimeSpan('1.1:59:59.123')

ToEventType(str)

Compute the event type that Seq automatically assigns to @EventType from the message template str. If any argument is null, the result is undefined.

Result type: any

ToHexString(num)

Format num as a hexadecimal string, including leading 0x. Decimal digits are discarded. If any argument is non-numeric, the result is undefined.

Result type: string

ToIsoString(datetime, offset)

Format datetime as an ISO-8601 string, with an optional time zone offset. Both the datetime and offset arguments are interpreted as 100-nanosecond ticks since the epoch. The offset argument defaults to 0, or UTC. Output is given with the UTC or full time zone designator, i.e. Z or ±hh:mm. If any argument is non-numeric, the result is undefined.

Result type: string

Example

ToIsoString(DateTime('2023-12-20'), 10h)

ToJson(arg)

Convert the value arg to JSON. Can be used to convert a value (e.g. number) to a string. If any argument is undefined, the result is undefined.

Result type: string

ToLower(str)

Convert string str to lowercase. To compare strings in a case-insensitive manner, use the equality operator and ci modifier instead. The result is undefined if str is not a string. If any argument is null, the result is undefined.

Result type: string

ToNumber(str)

Parse string str as a number. If any argument is null, the result is undefined.

Result type: number

TotalMilliseconds(timespan)

Evaluates to the total number of milliseconds represented by the time span timespan. If timespan is a number, it will be interpreted as containing 100-nanosecond ticks. If timespan is a string, it will be parsed in the same manner as performed by TimeSpan(). If any argument is null, the result is undefined.

Result type: number

Example

TotalMilliseconds(1s)
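
Added example, not part of the Seq documentation: a Python sketch for handling the 100-nanosecond tick values described under Now(), TimeSpan() and TotalMilliseconds() outside Seq, for instance when lining up exported values with timestamps from other log sources. The helper names and the accepted d.HH:mm:ss.f grammar (optional day count, optional 1 to 7 fraction digits, hours below 24) are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

TICKS_PER_SECOND = 10_000_000  # one tick = 100 ns
TICK_EPOCH = datetime(1, 1, 1, tzinfo=timezone.utc)  # 00:00:00 on 0001-01-01

# Assumed grammar for d.HH:mm:ss.f: optional day count, optional fraction (1-7 digits).
_TIMESPAN = re.compile(r"(?:(\d+)\.)?(\d{1,2}):(\d{2}):(\d{2})(?:\.(\d{1,7}))?")


def ticks_to_datetime(ticks):
    """Convert a tick count to an aware UTC datetime (the sub-microsecond digit is dropped)."""
    return TICK_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_ticks(dt):
    """Convert an aware datetime to ticks; naive values are rejected rather than guessed."""
    if dt.tzinfo is None:
        raise ValueError("datetime must carry a time zone")
    return ((dt - TICK_EPOCH) // timedelta(microseconds=1)) * 10


def parse_timespan(text):
    """Parse 'd.HH:mm:ss.f' into ticks; None stands in for the page's 'undefined'."""
    m = _TIMESPAN.fullmatch(text) if isinstance(text, str) else None
    if m is None:
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups()[:4])
    if hours > 23 or minutes > 59 or seconds > 59:
        return None
    fraction = int((m.group(5) or "").ljust(7, "0"))  # pad to 100 ns resolution
    whole = ((days * 24 + hours) * 60 + minutes) * 60 + seconds
    return whole * TICKS_PER_SECOND + fraction


def total_milliseconds(timespan):
    """Accept ticks (number) or a d.HH:mm:ss.f string, as described for TotalMilliseconds()."""
    ticks = parse_timespan(timespan) if isinstance(timespan, str) else timespan
    return None if ticks is None else ticks / 10_000


if __name__ == "__main__":
    # Sample inputs reuse the literal values from the examples on this page.
    midnight = datetime(2023, 12, 20, tzinfo=timezone.utc)
    print(datetime_to_ticks(midnight), ticks_to_datetime(datetime_to_ticks(midnight)))
    print(parse_timespan("1.1:59:59.123"), total_milliseconds("1.1:59:59.123"))
```

Python's datetime resolves to microseconds, so the last tick digit is lost when converting ticks to a datetime; keep the integer tick value when exact ordering matters.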

ToTimeString(timespan)

Format timespan as a d.HH:mm:ss.f string. The timespan argument is interpreted as 100-nanosecond ticks. The inverse of TimeSpan. If any argument is non-numeric, the result is undefined.

Result type: string

Example

ToTimeString(1h)

ToUpper(str)

Convert string str to uppercase. To compare strings in a case-insensitive manner, use the equality operator and ci modifier instead. The result is undefined if str is not a string. If any argument is null, the result is undefined.

Result type: string

TypeOf(arg)

Returns the type of the value arg, either 'object', 'array', 'string', 'number', 'bool', 'null', or 'undefined'.

Result type: string

Values(obj)

Evaluates to an array containing the values of the members of object obj. The result is undefined if obj is not an object. If any argument is null, the result is undefined.

Result type: array

Operator -

Subtract one number from another. If any argument is non-numeric, the result is undefined.

Result type: number

Operator - (prefix)

Negate a number. If any argument is non-numeric, the result is undefined.

Result type: number

Operator *

Multiply two numbers. If any argument is non-numeric, the result is undefined.

Result type: number

Operator /

Divide one number by another. If the right-hand operand is zero, the result is undefined. If any argument is non-numeric, the result is undefined.

Result type: number

Operator %

Compute the remainder after dividing the left-hand operand by the right. If the right-hand operand is zero, the result is undefined. If any argument is non-numeric, the result is undefined.

Result type: number

Operator ^

Raise a number to the specified power. If any argument is non-numeric, the result is undefined.

Result type: number

Operator +

Add two numbers. If any argument is non-numeric, the result is undefined.

Result type: number

Operator <

Compare two numbers and return true if the left-hand operand is less than the right-hand operand. If any argument is non-numeric, the result is undefined.

Result type: bool

Operator <=

Compare two numbers and return true if the left-hand operand is less than or equal to the right-hand operand. If any argument is non-numeric, the result is undefined.

Result type: bool

Operator <>

Compare two values, returning true if the values are unequal, and false otherwise. Structural comparison is supported, so the values may be of any type including objects and arrays. If the right-hand operand is a /regular expression/, the result is true if the left-hand operand is a string that is an exact match for the regular expression. If any argument is undefined, the result is undefined.

Result type: any
Supports the ci modifier?: Yes

Operator =

Compare two values, returning true if the values are equal, and false otherwise. Structural comparison is supported, so the values may be of any type including objects and arrays. If any argument is undefined, the result is undefined.

Result type: any
Supports the ci modifier?: Yes

Operator >

Compare two numbers and return true if the left-hand operand is greater than the right-hand operand. If any argument is non-numeric, the result is undefined.

Result type: bool

Operator >=

Compare two numbers and return true if the left-hand operand is greater than or equal to the right-hand operand. If any argument is non-numeric, the result is undefined.

Result type: bool

Operator and

The logical AND operator. The result of a and b is true if and only if both a and b are true; the result is otherwise false. Type coercion is not performed. If any argument is non-Boolean, the result is undefined.

Result type: bool

Operator not (prefix)

Logical NOT. Evaluates to true only if the operand is false, or if the operand is undefined. Type coercion is not performed. If any argument is non-Boolean, the result is undefined.

Result type: bool

Operator or

The logical OR operator. The result of a or b is true if either a or b is true; otherwise the result is false. Type coercion is not performed. If any argument is non-Boolean, the result is undefined.

Result type: bool