1.8 KiB
1.8 KiB
DISSECT [esql-dissect]
DISSECT enables you to extract structured data out of a string.
Syntax
DISSECT input "pattern" [APPEND_SEPARATOR="<separator>"]
Parameters
input- The column that contains the string you want to structure. If the column has
multiple values,
DISSECTwill process each value. pattern- A dissect pattern. If a field name conflicts with an existing column, the existing column is dropped. If a field name is used more than once, only the rightmost duplicate creates a column.
<separator>- A string used as the separator between appended values, when using the append modifier.
Description
DISSECT enables you to extract structured data out of a string.
DISSECT matches the string against a delimiter-based pattern, and extracts the specified keys as columns.
Refer to Process data with DISSECT for the syntax of dissect patterns.
Examples
The following example parses a string that contains a timestamp, some text, and an IP address:
:::{include} ../examples/docs.csv-spec/basicDissect.md :::
By default, DISSECT outputs keyword string columns. To convert to another
type, use Type conversion functions:
:::{include} ../examples/docs.csv-spec/dissectWithToDatetime.md :::