SOLVED

regex matching for multi-line strings

%3CLINGO-SUB%20id%3D%22lingo-sub-198187%22%20slang%3D%22en-US%22%3Eregex%20matching%20for%20multi-line%20strings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-198187%22%20slang%3D%22en-US%22%3E%3CP%3EAccording%20to%20the%20documentation%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.loganalytics.io%2Fdocs%2FLanguage-Reference%2FReferences%2FRegular-Expressions-syntax%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.loganalytics.io%2Fdocs%2FLanguage-Reference%2FReferences%2FRegular-Expressions-syntax%3C%2FA%3E%3A(%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%22%3CSPAN%3EFlag%20syntax%20is%20xyz%20(set)%20or%20-xyz%20(clear)%20or%20xy-z%20(set%20xy%2C%20clear%20z).%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EUnfortunately%20I%20did%20not%20find%20an%20example%20in%20the%20documentation%20on%20how%20to%20set%20the%20flags.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EExample%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3Edatatable(Message%3C%2FSPAN%3E%3CSPAN%3E%3A%3C%2FSPAN%3E%3CSPAN%3Estring%3C%2FSPAN%3E%3CSPAN%3E)%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%5B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22Hello%20world%22%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22Hello%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3Emulti-line%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3Eworld%22%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22foo%20bar%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%5D%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%20%3C%2FSPAN%3E%3CSPAN%3Ewhere%3C%2FSPAN%3E%3CSPAN%3E%20Message%20%3C%2FSPAN%3E%3CSPAN%3Ematches%3C%2FSPAN%3E%20%3CSPAN%3Eregex%3C%2FSPAN%3E%20%3CSPAN%3E%22%5EHello.*line.*%24%22%3C%2FSPAN%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3Ereturns%20no%20result%20because%20the%20m%20and%20s%20flags%20are%20not%20set.%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EThe%20question%20is%3A%20how%20to%20set%20the%20%22multi-line%22%20(m)%20and%20the%20%22dot%20matches%20newline%22%20(s)%20flags%20in%20the%20query%20%3F%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EThank%20you%20in%20advance%2C%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3Ebye%20%2F%2Femil.%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-198187%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EQuery%20Language%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-198883%22%20slang%3D%22en-US%22%3ERe%3A%20regex%20matching%20for%20multi-line%20strings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-198883%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20solution%20is%3A%3C%2FP%3E%3CPRE%3E%7C%20%3CSPAN%20class%3D%22csl-operator%22%3Ewhere%3C%2FSPAN%3E%20Message%20%3CSPAN%20class%3D%22csl-suboperator%22%3Ematches%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22csl-suboperator%22%3Eregex%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22csl-string-literal%22%3E%22(%3Fms)%5EHello.*%5C%5Cs*.*line.*%24%22%3C%2FSPAN%3E%3C%2FPRE%3E%3CP%3EThanks%20Yoni%20!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

According to the documentation (https://docs.loganalytics.io/docs/Language-Reference/References/Regular-Expressions-syntax:(

"Flag syntax is xyz (set) or -xyz (clear) or xy-z (set xy, clear z)."

 

Unfortunately I did not find an example in the documentation on how to set the flags.

Example:

 

datatable(Message:string)
[
"Hello world",
"Hello
multi-line
world",
"foo bar"
]
| where Message matches regex "^Hello.*line.*$" 
 
returns no result because the m and s flags are not set.
 
The question is: how to set the "multi-line" (m) and the "dot matches newline" (s) flags in the query ?
 
Thank you in advance,
 
bye //emil.
1 Reply
Best Response confirmed by Emilian Ertel (Occasional Contributor)
Solution

The solution is:

| where Message matches regex "(?ms)^Hello.*\\s*.*line.*$"

Thanks Yoni !