$match (key-phrase, parse-spec) function

This function requires two arguments: the first argument specifies a match keyword or phrase; the second argument is a parse specification. The function returns the results of the parse specification only if the key-phrase appears somewhere in the message content. Otherwise, the parse specification is not matched.

Target string

Parse expression

Return value

User admin has logged into location dev001 system.

$match(admin, $7)

dev001

User admin has logged into location dev002 system.

$match(admin, location *)

dev002

The admin user test001 has logged on.

$match( admin*logged, user *)

test001

Device=dev001 User=root has logged in.

$match(device=, user=*)

root

 Device=dev001 User=root has logged in.

 $match(dev002, user=*)

No match. No value is returned because the keyword first argument dev002 does not exist in the message.

Workstation dev002 shutdown.

$match (dev002, device *)

No match. No value is returned because the parse expression does not match the string. 

Related topic

Parse-expressions


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*