Abstract
Learn more about the Cortex Query Language regextract() function that uses regular expressions to assemble an array of matching substrings from a string.
Syntax
regextract (<string_value>, <pattern>)
Description
The regextract() function accepts a string and a regular expression, and it returns an array containing substrings that match the expression.
Cortex Query Language (XQL) uses RE2 for its regular expression implementation. While capturing multiple groups is unsupported, capturing one group in queries is supported.
When using the (?i) syntax for case-insensitive mode in your query, add it only once, at the beginning of the inline regular expression.
Note
Capturing multiple groups is supported in Parsing Rules when using the regexcapture function.
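The following query is an added example, not taken from the original page. It applies the rules above: a single capture group and one (?i) flag at the very start of the pattern. It assumes the xdr_data dataset with its action_evtlog_message field, a constructed "Account Name:" message layout, and the arrayindex() and array_length() functions for reading the returned array.

```xql
// Added example: pull account names out of Windows event log messages.
// Assumptions: dataset xdr_data, field action_evtlog_message, and a
// message layout containing "Account Name:" followed by whitespace.
dataset = xdr_data
| fields action_evtlog_message as msg
| filter msg != null
// (?i) appears once, at the beginning of the pattern.
// Exactly one capture group: ([a-z0-9._$-]+). A second group would not be
// supported in a query; Parsing Rules with regexcapture cover that case.
// POSIX class [[:space:]] is RE2 syntax and avoids string-escape issues.
| alter account_names = regextract(msg, "(?i)account name:[[:space:]]+([a-z0-9._$-]+)")
// regextract() returns an array, so keep only rows with at least one match
// and read the first element explicitly.
| filter array_length(account_names) > 0
| alter first_account = arrayindex(account_names, 0)
| fields first_account, account_names, msg
| limit 10
```

Because the result is an array, a message that mentions several accounts yields several elements, so comparisons in detections should be made against the array or an explicitly indexed element rather than against the field as if it were a string.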