Skip to end of metadata
Go to start of metadata

As powerful as regular expression matching is, there are times when you need a more freeform expression to precisely select the events in which you are interested. Instead of following the eventex type with a series of attribute-regex pairs to match attributes, the type can be followed with a single expression. If the type and domain match and the expression's value is true, then the eventex matches. Attribute names can be used as variables in the expression, but attribute expressions actually have the full power of expressions.

Attribute expressions are introduced to a primitive eventex with the where keyword. For example, the following two eventexes mean the same thing:

select when pageview where url.match(re#/archives/\d{4}/#)
select when pageview url re#/archives/\d{4}/#

But suppose you only want to match events when the year in the archive path of the URL is greater than 2003? You could express that using regexes, but it gets messy. The following eventex accomplishes that easily:

select when pageview where url.extract(re#/archives/(\d{4})/#).head() > 2003

The extract() operator in this expression returns an array of matches in the regex. The head() operator returns the first element in the array for use in the inequality test.

While only a single attribute expression can be used in a primitive eventex, you can use Boolean operators to test scenarios that are more complex. The following eventex not only matches articles after 2003 but also requires that the title contain the string "Utah":

select when pageview where url.extract(re#/archives/(\d{4})/#).head() > 2003 &&
                           title.match("Utah")

Attribute expressions provide a powerful and flexible way to match individual events.

  • No labels