Applies to: ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
Filters a record set based on a case-sensitive regular expression value.
For more information about other operators and to determine which operator is most appropriate for your query, see datatype string operators.
Note
Performance depends on the type of search and the structure of the data. For best practices, see Query best practices.
T | where col matches regex (expression)
Learn more about syntax conventions.
Name | Type | Required | Description |
---|---|---|---|
T | string | ✔️ | The tabular input whose records are to be filtered. |
col | string | ✔️ | The column by which to filter. |
expression | scalar | ✔️ | The regular expression used to filter. The maximum number of regex groups is 16. For more information about the regex syntax supported by Kusto, see regular expression. |
Rows in T for which the predicate is true.
StormEvents
| summarize event_count=count() by State
| where State matches regex "K.*S"
| where event_count > 10
| project State, event_count
Output
State | event_count |
---|---|
KANSAS | 3166 |
ARKANSAS | 1028 |
LAKE SUPERIOR | 34 |
LAKE ST CLAIR | 32 |
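The output above includes ARKANSAS and LAKE SUPERIOR because the pattern is unanchored and matches anywhere in the value. The following query is an added example, not part of the original article. It uses a constructed `datatable` in place of StormEvents to compare the same pattern unanchored, anchored with `^` and `$`, and with the `(?i)` case-insensitivity flag.

```kusto
// Constructed sample rows (not taken from StormEvents), chosen to show each case.
datatable(State:string)
[
    "KANSAS",
    "ARKANSAS",
    "LAKE SUPERIOR",
    "Kansas",
    "KENTUCKY",
    "TEXAS"
]
| extend
    // Pattern from the example above: a K followed later by an S, anywhere in the value.
    unanchored = State matches regex "K.*S",
    // Anchored at both ends: the whole value must start with K and end with S.
    anchored = State matches regex "^K.*S$",
    // (?i) makes the pattern case-insensitive; matches regex is case-sensitive by default.
    case_insensitive = State matches regex "(?i)^k.*s$"
```

Only KANSAS satisfies the anchored pattern, and the mixed-case value Kansas matches only when the `(?i)` flag is present. When a filter is meant to match a whole value, such as an account or host name in a detection query, anchoring the pattern avoids unintended substring matches.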