Log processing functions - Comparison
EQUAL
expr1 = expr2
EQUAL(expr1, expr2)
Returns true if the expressions are equal.
Returns NULL if expr1 or expr2 arguments evaluate to NULL.
Returns FALSE otherwise.
output type
BOOLEAN
Example:
FIELDS_ADD(1 = 1);| equal |
|---|
| true |
NOT_EQUAL
expr1 <> expr2
expr1 != expr2
NOT_EQUAL(expr1, expr2)
Returns true if the expressions are not equal.
Returns NULL if expr1 or expr2 arguments evaluate to NULL.
Returns FALSE otherwise.
output type
BOOLEAN
Example:
FIELDS_ADD(1 != 1);| equal |
|---|
| false |
GREATER
expr1 > expr2
GREATER(expr1, expr2)
Returns true if expr1 is greater than expr2.
Returns NULL if expr1 or expr2 arguments evaluate to NULL.
Returns FALSE otherwise.
output type
BOOLEAN
Example:
FIELDS_ADD(gr_op:2 > 1, gr_f:GREATER(1,1));| gr_op | gr_f |
|---|---|
| true | false |
LESS
expr1 < expr2
LESS(expr1, expr2)
Returns true if expr1 is less than expr2.
Returns NULL if expr1 or expr2 arguments evaluate to NULL.
Returns FALSE otherwise.
output type
BOOLEAN
Example:
FIELDS_ADD(l_op:1 < 2, l_f:LESS(1,1));| l_op | l_f |
|---|---|
| true | false |
GREATER_OR_EQUAL
expr1 >= expr2
GREATER_OR_EQUAL(expr1, expr2)
Returns true if expr1 is greater than or equal to expr2.
Returns NULL if expr1 or expr2 arguments evaluate to NULL.
Returns FALSE otherwise.
output type
BOOLEAN
Example:
FIELDS_ADD(gr_op:2 >= 1, gr_f:GREATER_OR_EQUAL(1,1));| gr_op | gr_f |
|---|---|
| true | true |
LESS_OR_EQUAL
expr1 <= expr2
LESS_OR_EQUAL(expr1, expr2)
Returns true if expr1 is less than or equal to expr2.
Returns NULL if expr1 or expr2 arguments evaluate to NULL.
Returns FALSE otherwise.
output type
BOOLEAN
Example:
FIELDS_ADD(gr_op:1 <= 2, gr_f:GREATER_OR_EQUAL(1,1));| gr_op | gr_f |
|---|---|
| true | true |
IS NULL
expr IS NULL
IS_NULL(expr)
Returns true if expr is NULL, otherwise returns false.
output type
BOOLEAN
Example:
FIELDS_ADD(s, is_null:IS_NULL(s));| s | is_null |
|---|---|
| 0ho0 | false |
IS NOT NULL
expr IS NOT NULL
IS_NOT_NULL(expr)
Returns true if expr is NOT NULL, otherwise returns false.
output type
BOOLEAN
Example:
FIELDS_ADD(s, is_not_null:s IS NOT NULL);| s | is_not_null |
|---|---|
| 0ho0 | true |
IN
expr IN array
Returns true if expr is present in array, otherwise returns FALSE.
expr NOT IN array
A negated version of the above: Returns true if expr is not present in array, otherwise returns FALSE.
Returns NULL if array evaluates to NULL.
output type
BOOLEAN
Note
the expr has to be the same type as items in the array.
Example:
FIELDS_ADD(str_in:'a' IN ['b','c','a'], ip_in:192.168.3.44 IN 192.168.0.0/8);| str_in | ip_in |
|---|---|
| true | true |
expr IN list
Returns true if expr is present in list, otherwise returns FALSE.
expr NOT IN list
A negated version of the above: Returns true if expr is not present in list, otherwise returns FALSE.
Returns NULL if list evaluates to NULL.
output type
BOOLEAN
Note
All members of the list have to be the same type as the expr being tested…
Example:
FIELDS_ADD(ip, ip IN (0.0.0.1, 0.0.0.2, 0.0.0.3));| ip | is_in |
|---|---|
| 0.0.0.0 | false |
| 0.0.0.1 | true |
| 0.0.0.2 | true |
FALSE_OR_NULL
FALSE_OR_NULL(boolean_expr)
Returns true if boolean_expr returns false or null
output type
BOOLEAN
Example:
FIELDS_ADD(i, FALSE_OR_NULL(i = 0));| i | false_or_null |
|---|---|
| 0 | false |
| 1 | true |
TRUE_OR_NULL
TRUE_OR_NULL(boolean_expr)
Returns true if boolean_expr returns true or null
output type
BOOLEAN
Example:
FIELDS_ADD(i, TRUE_OR_NULL(i = 0));| i | true_or_null |
|---|---|
| 0 | true |
| 1 | false |