LogoLogo
WebsiteBlogLogin
  • Onum Docs
  • Use Cases
  • Videos
  • Release Notes
  • Welcome
  • Getting Started
    • About Onum
    • Architecture
    • Deployment
    • Getting Started with Onum
    • Understanding The Essentials
      • Cards and Table Views
      • Data Types
      • Graph Calculations
      • The Time Range Selector
    • Key Terminology
  • THE WORKSPACE
    • Home
    • Listeners
      • Cloud Listeners
      • Listener Integrations
        • Amazon SQS
        • Amazon S3
        • Apache Kafka
        • Azure Event Hubs
        • Cisco NetFlow
        • Google Cloud Storage
        • Google Pub/Sub
        • HTTP
        • HTTP Pull
        • Microsoft 365
        • OpenTelemetry
        • Syslog
        • TCP
      • Labels
    • Pipelines
      • Building a Pipeline
        • AI Assistant
          • AI Pipeline Assistant
          • AI Action Assistant
      • Listeners
      • Actions
        • Advanced
          • Anonymizer
          • Bring Your Own Code
          • Field Generator
          • For Each
          • Google DLP
          • HTTP Request
          • Redis
        • Aggregation
          • Accumulator
          • Group By
        • AI
          • Amazon GenAI
          • BLIP-2
          • Cog
          • Google GenAI
          • Llama
          • Replicate
        • Detection
          • Sigma Rules
        • Enrichment
          • Lookup
        • Filtering
          • Conditional
          • Sampling
        • Formatting
          • Message Builder
        • Transformation
          • Field Transformation
            • Field Transformation Operations
              • Arithmetic / Logic
                • Divide Operation
                • Median
                • Multiply Operation
                • Subtract Operation
                • Sum Operation
              • Code tidy
                • JSON Minify
              • Control characters
                • Escape String
                • Unescape String
              • Conversion
                • Convert Area
                • Convert Data Units
                • Convert Distance
                • Convert Mass
                • Convert Speed
                • List to String
                • String to List
              • Data format
                • From Base
                • From Base64
                • From Hex
                • To Base
                • To Base64
                • To Hex
              • Date / Time
                • From Unix Timestamp
                • To Timestamp
                • To Unix Timestamp
                • Translate Datetime Format
              • Encoding / Decoding
                • From Binary
                • To Binary
                • To Decimal
              • Encryption / Encoding
                • JWT Decode
              • File system permissions
                • Parse Unix file permissions
              • Format conversion
                • CSV to JSON
                • JSON to CSV
              • Hashing
                • Keccak
                • MD2
                • MD4
                • MD5
                • SHA0
                • SHA1
                • SHA2
                • SHA3
                • Shake
                • SM3
              • List manipulation
                • Index list boolean
                • Index list float
                • Index list integer
                • Index list string
                • Index list timestamp
              • Networking
                • Defang IP Address
                • Defang URL
                • Extract IP Address
                • Fang IP Address
                • Fang URLs
                • IP to Hexadecimal
                • Parse URI
                • URL Decode
                • URL Encode
              • Other
                • Parse Int
              • String
                • Length
              • Text sample adding
                • Pad Lines
              • Utils
                • Byte to Human Readable
                • Count Occurrences
                • CRC8 Checksum
                • CRC16 Checksum
                • CRC24 Checksum
                • CRC32 Checksum
                • Credit Card Obfuscator
                • Filter
                • Find and Replace
                • Regex
                • Remove Whitespace
                • Reverse String
                • Shuffle
                • Sort
                • Substring
                • Swap Case
                • To Lower Case
                • To Upper Case
          • Flat JSON
          • JSON Transformation
          • JSON Unroll
          • Math Expression
          • Parser
            • PCL (Parser Configuration Language)
        • Utils
          • Unique
      • Data sinks
      • Bulk Changes
      • Publishing & Versioning
      • Test your Pipeline
    • Data sinks
      • Data sink Integrations
        • Amazon S3
        • Amazon SQS
        • Azure Blob Storage
        • Azure Event Hubs
        • Devo
        • Google BigQuery
        • Google Cloud Storage
        • Google Pub/Sub
        • HTTP
        • Jira
        • Mail
        • Null
        • OpenTelemetry
        • PagerDuty
        • Pushover
        • Qradar
        • Relational Databases
        • ServiceNow
        • Slack
        • Splunk HEC
        • Syslog
        • TCP
        • Telegram
        • Twilio
    • Alerts
  • YOUR VAULT
    • Enrichment
    • Data History
    • Actions
  • ADMINISTRATION
    • Tenant Menu
    • Global Settings
      • Your Account
      • Organization Settings
        • Secrets Management
      • Tenant
        • Authentication
        • Users
        • Activity Log
        • API Keys
  • MARKETPLACE
    • Onum Marketplace
      • Pulling Pipelines
        • Netskope Events Alert
        • OKTA System Log API
        • Sophos Connector SIEM
Powered by GitBook
On this page
  • Description
  • Data types
  • Input data
  • Output data
  • Parameters
  • Examples

Was this helpful?

Export as PDF
  1. THE WORKSPACE
  2. Pipelines
  3. Actions
  4. Transformation
  5. Field Transformation
  6. Field Transformation Operations
  7. Utils

Count Occurrences

PreviousByte to Human ReadableNextCRC8 Checksum

Last updated 2 months ago

Was this helpful?

Description

This operation counts the number of times a provided string (character, word, or phrase) appears in the given input data.


Data types

These are the input/output expected data types for this operation:

Input data

- Data you want to analyze.

Output data

- Count of the specified character, word, or pattern you searched for.


Parameters

These are the parameters you need to configure to use this operation (mandatory parameters are marked with a *):

Search*

Enter the specific character, word, or pattern you want to count.

Search Type*

Select the type of search you want to perform. The available options are:

  • Regex - Choose this option if you want to use regular expressions.

  • Extended - Choose this option for extended regular expressions. An extended regular expression specifies a set of strings to be matched. The expression contains both text characters and operator characters.

  • Simple - Choose this option if you want to perform a simple string matching. Note that this search type is not case-sensitive (A is different from a).


Examples

Simple search example

Suppose you want to check the number of occurrences of the term test in a series of events:

  1. In the Operation field, choose Count occurrences.

  2. Set Search to test.

  3. Set Search Type to simple.

  4. Give your Output field a name and click Save. The count will be displayed in the output field.

In this example, given the following string:

Accepted password for test domain

The result count will be 1.

RegEx search example

Suppose you want to count words that start with the letter "c" (either small or capital) in your input data:

  1. In the Operation field, choose Count occurrences.

  2. Set Search to \b[Cc]\w*.

  3. Set Search Type to regex.

  4. Give your Output field a name and click Save. The count will be displayed in the output field.

In this example, given the following string:

Core temperature above threshold, CPU clock throttled

The result count will be 3.

RegEx explanation:

  • \b matches a word boundary, ensuring the match starts at the beginning of a word.

  • C matches the letter "c."

  • \w* matches any number of alphanumeric characters after "C," effectively capturing entire words.

Extended RegEx search example

Suppose you want to get the occurrences of the word "error" but not if it’s followed by "404". To do it:

  1. In the Operation field, choose Count occurrences.

  2. Set Search to error(?!\s404).

  3. Set Search Type to extended.

  4. Give your Output field a name and click Save. The count will be displayed in the output field.

In this example, given the following strings:

error404 - 404 is an error that tells a web is not available.

The result count will be 2.

RegEx explanation:

  • error matches the word "error."

  • (?!\s404) is a negative lookahead that ensures "error" is not followed by " 404".

You can try out operations with specific values using the Input field above the operation. You can enter the value in the example above and check the result in the Output field.

In your Pipeline, open the required configuration and select the input Field.

In your Pipeline, open the required configuration and select the input Field.

In your Pipeline, open the required configuration and select the input Field.

Action
Action
Action