Forum Discussion
Kusto Regex Matches
I'm trying write a query that will match logs where a field contains any domain other than our own. This is what I have tried: | where Recipient matches regex @"(@(?!ourdomain)[A-Za-z0-9]+(.))"...
andrew_bryant do you have any updates on this matches regex issue?
I seem to have run into it trying to implement two Sentinel query templates which use this function,
e.g. this one
I also note an overnight post by another contributor which looks like a similar issue to me ...
This would ignore your domain
let Recepient = "This fake fakeperson@fake.com";
print Recepient
| extend ourDom = iif(not(Recepient matches regex @"([A-Za-z0-9]*ourdomain.com)"),
extract (@"([A-Za-z0-9]*.com)",0,Recepient),
"Matched to ourdomain.com")
| project ourDom