Replaces each substring of the specified fields value that matches the given regular expression with the given replacement. Humio uses JitRex which closely follows the syntax of re2j regular expressions, which has a syntax very close to Java’s regular expressions. Check out the syntax.
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| regex | string | Yes | The regular expression to match | |
| with | string | No | The string to substitute for each match (defaults to “") | |
| replacement | string | No | The string to substitute for each match (same as with) | |
| as | string | No | Specifies the field to store the replaced string as. Default is replacing the contents of the input field | |
| field | string | No | @rawstring | Specifies the field to run the replacement on. Default is running against @rawstring |
| flags | string | No | m | Specifies other regex flags m is multi line, i is ignore case, and d means dot (.) includes newline. |
regex is the unnamed parameter.
Correct a spelling mistake
replace(regex=rpoperties, with=properties)
Get the integer part of a number. This example uses regex capturing groups, and stores the replacement in the field b, leaving field a untouched. This is the same as regex("(?\d+)..*", field=a) using a named capture group.
replace("(\d+)\..*", with="$1", field=a, as=b)