
Regular Expression Syntax Patterns | Data Analysis 1.214.0-1.227.0 ...
Regular Expression Engine V2. Regular expression engine V2 is the default regex engine from 1.227. For more information, see Regular Expression Engine V2 Syntax Patterns. The following tables …
Regular Expression Syntax | Data Analysis 1.220.0-1.228.0 - CrowdStrike
May 31, 2023 · LogScale's regular expression functionality is built on the JitRex engine and shares similar syntax with common regex implementations like Perl, JavaScript, and re2, though some …
regex () | Data Analysis 1.220.0-1.228.0 - CrowdStrike
Filter incoming events that match the regular expression; Capture (extract) data using regex-based field extraction, and then filtering the events; Capturing (extracting) data without filtering (when using the …
Query Language Syntax | Data Analysis 1.220.0-1.228.0 - CrowdStrike
The CrowdStrike Query Language (CQL) is the syntax that lets you compose queries to retrieve, process, and analyze data in Falcon LogScale. The query language is built around a chain of data …
Query Functions | Data Analysis 1.214.0-1.227.0 - CrowdStrike
LogScale query functions take a set of events, parameters, or configurations. They produce, reduce, or modify values within that set, or in the events themselves within a query pipeline. The Query …
Operators | Data Analysis 1.214.0-1.227.0 - CrowdStrike
The documentation covers LogScale operators and their usage in comparing field values across strings, numbers, and regular expressions, including detailed explanations of string comparison operators (=, …
selfJoin () | Data Analysis 1.214.0-1.227.0 | LogScale Documentation
selfJoin() This function is used to collate data from events that share a key. Often the groupBy() function can be used for this, but if there are too many keys (defaulting to 100,000) then the result is …
LogScale Regular Expression Engines | Data Analysis 1.214.0-1.227.0 ...
LogScale provides two regular expression engines - the default v1 engine and a newer v2 engine (enabled with the 'F' flag), with the latter aiming to offer improved performance while maintaining …
Security Related Query Functions | Data Analysis 1.214.0-1.227.0 ...
Both functions use a salt value (defined by the salt parameter) that is used as a random string added to the data before hashing. The salt value allows for customized hash generation which may be …
sample () | Data Analysis 1.218.0-1.228.0 - CrowdStrike
The query is used to sample events, keeping only a specified percentage of the events, and then find the most common host among the sampled events. Event sampling can be used to determine the …