Operators
Unary operators
The following unary operations are available. It is possible to use brackets around the operand to make it look like a function call as in the "defined" example below.
- not
-
The not operator expects a boolean value. It will evaluate to undef if the value is undefined. If it receives an unknown value that evaluates to a non-boolean, it will result in a run-time execution error.
Example 1. Using the "not" operandIf the
$Success
field has a value of false, an error is logged.if not $Success log_error("Job failed");
- -
-
The unary negation (
-
) operator changes the operand into a negative. Unary negation as a sign inversion operator (multiplying a value by -1) is not supported. See also the subtraction binary operator.Correct and incorrect usage of unary negation$a = -1 # Valid. $b = -(-1); # Invalid. Translates to nothing - (-1). $b = -$a; # Invalid. Translates to nothing - $a. $b = -($a); # Invalid. Translates to nothing - ($a).
Example 2. Unary negationThis statement will always print "ten".
if 5 - (-5) == 10 log_info("ten");
- defined
-
The defined operator will evaluate to TRUE if the operand is defined, otherwise FALSE.
Example 3. Using the Unary "defined" OperationThis statement is a no-op, it does nothing.
if defined undef log_info("never printed");
If the
$EventTime
field has not been set (due perhaps to failed parsing), it will be set to the current time.if not defined($EventTime) $EventTime = now();
Binary operators
The following binary operations are available.
The operations are described with the following syntax:
LEFT_OPERAND_TYPE OPERATION RIGHT_OPERAND_TYPE = EVALUATED_VALUE_TYPE
- =~
-
This is the regular expression match operation as in Perl. This operation takes a string and a regular expression operand and evaluates to a boolean value which will be TRUE if the regular expression matches the subject string. Captured sub-strings are accessible through numeric reference (such as
$1
) and the full subject string is placed into$0
. Regular expression-based string substitution is supported with thes///
operator. For more details, see Regular Expressions.Example 4. Regular expression string-matchingA log message will be generated if the
$Message
field matches the regular expression.if $Message =~ /^Test message/ log_info("matched");
- !~
-
This is the opposite of =~
The expression will evaluate to
TRUE
if the regular expression does not match on the subject string. It can be also written asnot LEFT_OPERAND =~ RIGHT_OPERAND
. Thes///
substitution operator is supported.Example 5. Negative regular expression string-matchingA log message will be generated if the
$Message
field does not match the regular expression.if $Message !~ /^Test message/ log_info("didn't match");
- ==
-
This operator compares two values for equality. Comparing a defined value with an undefined results in undef.
Example 6. EqualityA log message will be generated if
$SeverityValue
is 1.if $SeverityValue == 1 log_info("severity is one");
- !=
-
This operator compares two values for inequality. Comparing a defined value with an undefined results in undef.
Example 7. InequalityA log message will be generated if
$SeverityValue
is not 1.if $SeverityValue != 1 log_info("severity is not one");
- <
-
This operation will evaluate to TRUE if the left operand is less than the right operand, and FALSE otherwise. Comparing a defined value with an undefined results in undef.
Example 8. LessA log message will be generated if
$SeverityValue
is less than 1.if $SeverityValue < 1 log_info("severity is less than one");
- <=
-
This operation will evaluate to TRUE if the left operand is less than or equal to the right operand, and FALSE otherwise. Comparing a defined value with an undefined results in undef.
Example 9. Less or EqualA log message will be generated if
$SeverityValue
is less than or equal to 1.if $SeverityValue < 1 log_info("severity is less than or equal to one");
- >
-
This operation will evaluate to TRUE if the left operand is greater than the right operand, and FALSE otherwise. Comparing a defined value with an undefined results in undef.
Example 10. GreaterA log message will be generated if
$SeverityValue
is greater than 1.if $SeverityValue > 1 log_info("severity is greater than one");
- >=
-
This operation will evaluate to TRUE if the left operand is greater than or equal to the right operand, and FALSE otherwise. Comparing a defined value with an undefined results in undef.
Example 11. Greater or EqualA log message will be generated if
$SeverityValue
is greater than or equal to 1.if $SeverityValue >= 1 log_info("severity is greater than or equal to one");
- and
-
This operation evaluates to TRUE if and only if both operands are TRUE. The operation will evaluate to undef if either operand is undefined.
Example 12. And OperationA log message will be generated only if both
$SeverityValue
equals 1 and$FacilityValue
equals 2.if $SeverityValue == 1 and $FacilityValue == 2 log_info("1 and 2");
- or
-
This operation evaluates to TRUE if either operand is TRUE. The operation will evaluate to undef if both operands are undefined.
Example 13. Or OperationA log message will be generated if
$SeverityValue
is equal to either 1 or 2.if $SeverityValue == 1 or $SeverityValue == 2 log_info("1 or 2");
- +
-
This operation will result in an integer if both operands are integers. If either operand is a string, the result will be a string where non-string typed values are converted to strings. In this case it acts as a concatenation operator, like the dot (
.
) operator in Perl. Adding an undefined value to a non-string will result in undef.Example 14. ConcatenationThis statement will always cause a log message to be generated.
if 1 + "a" == "1a" log_info("this will be printed");
- -
-
Subtraction. The result is
undef
if either operand is undefined.If an integer immediately follows the minus operator, it is treated as unary negation.
Correct and incorrect usage of the subtraction operator$a = 2; $b = 1- 1; # Valid. Translates to 1 - 1. $b = 1--1 # Valid. Translates to 1 - (-1). $b = 1-$a; # Valid. Trnslates to 1 - 2. $b = 1-1; # Invalid. Translates to 1 (-1). $b = 1 -1; # Invalid. Translates to 1 (-1).
Example 15. SubtractionThis statement will always output a log message.
if 4 - 1 == 3 log_info("four minus one is three");
- *
-
Multiply an integer with another. The result will be undef if either operand is undefined.
Example 16. MultiplicationThis statement will always cause a log message to be generated.
if 4 * 2 == 8 log_info("four times two is eight");
- /
-
Divide an integer with another. The result will be undef if either operand is undefined. Since the result is an integer, a fractional part is lost.
Example 17. DivisionThis statement will always cause a log message to be generated.
if 9 / 4 == 2 log_info("9 divided by 4 is 2");
- %
-
The modulo operation divides an integer with another and returns the remainder. The result will be undef if either operand is undefined.
Example 18. ModuloThis statement will always cause a log message to be generated.
if 3 % 2 == 1 log_info("three mod two is one");
- IN
-
This operation will evaluate to TRUE if the left operand is equal to any of the expressions in the list on the right, and FALSE otherwise. Comparing a undefined value results in undef.
Example 19. INA log message will be generated if
$EventID
is equal to any one of the values in the list.if $EventID IN (1000, 1001, 1004, 4001) log_info("EventID found");
Ternary operators
The ternary operator expr1 ? expr2 : expr3
evaluates to expr2 if
expr1 is TRUE
, otherwise to expr3. The parentheses as shown here are
optional.
The $Important
field is set to TRUE
if $SeverityValue
is greater than 2
, or FALSE
otherwise.
$Important = ( $SeverityValue > 2 ? TRUE : FALSE );