contains()

The contains() function is used to check if a substring exists within a given string or the value of a field in an event. It takes two arguments:

The first argument is either a literal string or a JSON pointer that represents the field or value to be searched.
The second argument is the substring to be searched for within the first argument. The function returns true if the substring specified in the second argument is found within the string or field value represented by the first argument. It returns false if it is not.

For example, if you want to check if the string "abcd" is contained within the value of a field named message, you can use the contains() function as follows:

contains('/message', 'abcd')

This will return true if the field message contains the substring abcd or false if it does not.

Alternatively, you can also use a literal string as the first argument:

contains('This is a test message', 'test')

In this case, the function will return true because the substring test is present within the string This is a test message.

Note that the contains() function performs a case-sensitive search by default. If you need to perform a case-insensitive search, you can use the containsIgnoreCase() function instead.

WAS THIS PAGE HELPFUL?

✔ Yes ✖ No

Tell us why

350 characters left

Have a question? Ask us on the OpenSearch forum.

Want to contribute? Edit this page or create an issue.

contains()

OpenSearch Links

Get Involved

Resources

Contact Us