Parse Operators

Parse operators allow you to extract fields from log messages within a query manually and on an ad hoc basis.

For best practices, use Parse operators to build Field Extraction Rules to automatically extract field values and use them to extend your query.

In this section, we'll introduce the following concepts:

Parses strings and labels anchors as fields for use in subsequent aggregation functions.

Allows you to extract nested fields and other complex data from log lines.

Allows you to extract values from JSON logs with most JSONPath expressions.

Allows you to get values from a log message by specifying the key paired with each value.

Allows you to parse CSV-formatted log entries using a comma as the default delimiter.

Allows you to split strings into multiple strings and parse delimited log entries.

Allows you to parse specified fields from an XML log using an XPath reference.

Parses on previously extracted fields, or initial parsing on a metadata field value, like a collector or source.

Forces results to also include messages that do not match any segment of the parse expression.

Extracts a date or time from a string and provides a timestamp in milliseconds.

Allows you to convert a hexadecimal string of 16 or fewer characters to a number.