filter
The filter
operation filters sequences based on a boolean condition.
To filter matched sequences, use filter MATCHED
.
Syntax
filter <filter condition>
<filter condition> = <condition 1> and <condition 2> and ...
- Conditions can reference implicit tags:
PREFIX
- all events before the start of the match; evaluated at the end after constructing a possible matchSUFFIX
- all events after the end of the match; evaluated at the end after constructing a possible matchSEQ
- all events in a sequence; evaluated before starting matching
- Conditions that return boolean vectors are automatically wrapped into the
all()
function, for example:match A()+ if A.dim = ‘value’
becomesmatch A()+ if all(A.dim = ‘value’)
Examples
Filter to matched sequences
filter MATCHED
Filter to sequences that didn't match
filter not MATCHED
Filter sequences starting after a given date
filter SEQ[0].ts >= '2024-01-01'
Filter sequences starting before a given date
filter SEQ[0].ts <= '2024-01-01'
Filter to a specific user
filter SEQ[0].actor = 'user_id'
Filter to user IDs matching a given pattern
filter SEQ[0].actor like '%query_pattern%'
Exclude user IDs matching a given pattern
filter not SEQ[0].actor like '%query_pattern%'
Filter sequences based on event dimension value
match event1
filter event1.dimension = 'value'