Parse Operators

Parse operators allow you to extract fields from log messages within a query manually and on an ad-hoc basis.

For best practices use Parse operators to build Field Extraction Rules to automatically extract field values and use them to extend your query.

In this section, we'll introduce the following concepts:

Allows you to extract nested fields and other complex data from log lines.

Allows you to extract values from JSON logs with most JSONPath expressions.

Parses strings and labels anchors as fields for use in subsequent aggregation functions.

Parses on previously extracted fields, or initial parsing on a metadata field value, like a collector or source.

Allows you to split strings into multiple strings and parse delimited log entries.

Allows you to get values from a log message by specifying the key paired with each value.

Forces results to also include messages that don't match any segment of the parse expression.

Extracts a date or time from a string and provides a timestamp in milliseconds.

Allows you to parse CSV-formatted log entries using a comma as the default delimiter.

Allows you to parse specified fields from an XML log using an XPath reference.

Allows you to convert a hexadecimal string of 16 or fewer characters to a number.