The strcmp function compares two strings lexicographically and returns an integer indicating their relationship. Use this function to sort strings, validate string ordering, or implement custom comparison logic in your queries.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Splunk SPL users
In Splunk SPL, you typically use comparison operators. APL’s strcmp provides explicit lexicographic comparison with numeric return values.
ANSI SQL users
In ANSI SQL, string comparison varies. APL’s strcmp provides C-style string comparison returning -1, 0, or 1.
Usage
Syntax
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| string1 | string | Yes | The first string to compare. |
| string2 | string | Yes | The second string to compare. |
Returns
Returns an integer: -1 if string1 is less than string2, 0 if they are equal, 1 if string1 is greater than string2.
Use case examples
- Log analysis
- OpenTelemetry traces
- Security logs
Compare HTTP methods to establish custom ordering for request type analysis.
This query uses strcmp to categorize HTTP methods relative to ‘GET’, enabling analysis of request type distribution by status code.
Output
| status | get_requests | before_get | after_get |
|---|---|---|---|
| 200 | 5432 | 1234 | 2109 |
| 404 | 1987 | 234 | 120 |
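A query of the kind described above, as an added example that is not the page's original query: it buckets each request by the sign of strcmp against 'GET' and counts the buckets per status code. The dataset name ['sample-http-logs'] and the fields method and status are assumptions, and the toupper normalization goes beyond the original description so that mixed-case method values land in the intended bucket.

```kusto
// Added example, not taken from the original page.
// Assumed names: dataset ['sample-http-logs'], string fields `method` and `status`.
['sample-http-logs']
// strcmp is an exact lexicographic comparison, so 'get' and 'GET' would not
// compare as equal. Normalize case before comparing.
| extend method_norm = toupper(method)
// -1: method sorts before 'GET' (for example DELETE)
//  0: method is exactly 'GET'
//  1: method sorts after 'GET' (for example POST, PUT)
| extend cmp = strcmp(method_norm, 'GET')
// Count each bucket per status code, using the column names from the output table.
| summarize
    get_requests = countif(cmp == 0),
    before_get = countif(cmp < 0),
    after_get = countif(cmp > 0)
    by status
```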
List of related functions
- tolower: Converts strings to lowercase. Use this before strcmp for case-insensitive comparison.
- toupper: Converts strings to uppercase. Use this before strcmp for case-insensitive comparison.
- strlen: Returns string length. Use this to compare strings by length rather than lexicographically.
- indexof: Finds substring positions. Use this for substring comparison rather than full string comparison.