Structure

STRUCTURE { matcher_expr … }

STRUCTURE captures any sequence of matchers as a single value of the tuple data type.

output type: TUPLE
quantifier: none
configuration: none

You must assign an export name to STRUCTURE to make its exported members visible to the query layer.

Example: consider the following data, where each line holds an integer and a string value separated by a comma:

1,red fox jumps
2,over lazy dog

Pattern:

STRUCTURE{ INT:i ',' LD:string }:struct EOL;

Parsing results with integer and string values extracted:

struct                          _unmatched
{i=1 string='red fox jumps '}   NULL
{i=2 string='over lazy dog'}    NULL