Skip to content
Cruncher

startsWith

startsWith

✓ Boolean

Check if a string begins with the given prefix as a case-sensitive match

startsWith(string, prefix) → boolean
boolean

true if string starts with prefix, false otherwise; null if either input is null

Edge Cases

Section titled “Edge Cases”
  • If string is null, returns null
  • If prefix is null, returns null
  • Empty prefix "" matches any string (returns true)
  • Search is case-sensitive: startsWith("Production", "prod") returns false

Examples

Section titled “Examples”
| where startsWith(message, "Error:")

Matches records where message starts with “Error:”.

| eval is_api_call = startsWith(request_path, "/api/")

Creates a boolean field is_api_call that is true if request_path starts with “/api/”.

| where startsWith(hostname, "prod-")

Filters to production hostnames only.

Used In

Section titled “Used In”
  • where — as a filter condition
  • eval — to create a boolean field