matches regex operator
Applies to: ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
Filters a record set based on a case-sensitive regular expression value.
For more information about other operators and to determine which operator is most appropriate for your query, see datatype string operators.
Note
Performance depends on the type of search and the structure of the data. For best practices, see Query best practices.
Syntax
T | where col matches regex (expression)
Learn more about syntax conventions.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| T | string |
✔️ | The tabular input whose records are to be filtered. |
| col | string |
✔️ | The column by which to filter. |
| expression | scalar | ✔️ | The regular expression regex.md used to filter. The maximum number of regex groups is 16. For more information about the regex syntax supported by Kusto, see regular expression. |
Returns
Rows in T for which the predicate is true.
Example
StormEvents
| summarize event_count=count() by State
| where State matches regex "K.*S"
| where event_count > 10
| project State, event_count
Output
| State | event_count |
|---|---|
| KANSAS | 3166 |
| ARKANSAS | 1028 |
| LAKE SUPERIOR | 34 |
| LAKE ST CLAIR | 32 |