# ExtractParseParse-kv-Tabular This is example from WPNinja Summit 2022 session "Throwing KQL like a shuriken". Presented by Gianni Castaldi and Alex Verboon ``` // Oldschool extract with regex let Table = datatable(ParseMe:string) [ 'fruit="Apples", color="Orange", packing="Bottle"', 'fruit="Bananas", color="Red", packing="Crate"', 'fruit="Pears", color="Green", packing="Box"', 'fruit="Cherries", color="Yellow", packing="Envelope"', 'fruit="Oranges", color="Blue", packing="Tube"' ]; Table | extend fruit = extract('fruit="(\\w+)',1,ParseMe) , color = extract('color="(\\w+)',1,ParseMe) , packing = extract('packing="(\\w+)',1,ParseMe) // But extract is slow and regex is hard let Table = datatable(ParseMe:string) [ 'fruit="Apples", color="Orange", packing="Bottle"', 'fruit="Bananas", color="Red", packing="Crate"', 'fruit="Pears", color="Green", packing="Box"', 'fruit="Cherries", color="Yellow", packing="Envelope"', 'fruit="Oranges", color="Blue", packing="Tube"' ]; Table | parse ParseMe with 'fruit="' fruit '", color="' color '", packing="' packing // So parse needs to be in the same order let Table = datatable(ParseMe:string) [ 'fruit="Apples", color="Orange", packing="Bottle"', 'fruit="Bananas", color="Red", packing="Crate"', 'fruit="Pears", color="Green", packing="Box"', 'fruit="Cherries", color="Yellow", packing="Envelope"', 'fruit="Oranges", color="Blue", packing="Tube"' ]; Table | parse-kv ParseMe as ( fruit:string , color:string , packing:string ) with (pair_delimiter=',', kv_delimiter='=', quote='"') // Now what if we mixup the keys? let Table = datatable(ParseMe:string) [ 'fruit="Apples", color="Orange", packing="Bottle"', 'fruit="Bananas", color="Red", packing="Crate"', 'fruit="Pears", color="Green", packing="Box"', 'fruit="Cherries", color="Yellow", packing="Envelope"', 'fruit="Oranges", color="Blue", packing="Tube"' ]; Table | parse-kv ParseMe as ( packing:string , color:string , fruit:string ) with (pair_delimiter=',', kv_delimiter='=', quote='"') // Tabular Function let TableParser = (Table:(ParseMe:string)) { Table | parse-kv ParseMe as ( fruit:string , color:string , packing:string ) with (pair_delimiter=',', kv_delimiter='=', quote='"') | project-away ParseMe }; // Table let Table = datatable(ParseMe:string) [ 'fruit="Apples", color="Orange", packing="Bottle"', 'fruit="Bananas", color="Red", packing="Crate"', 'fruit="Pears", color="Green", packing="Box"', 'fruit="Cherries", color="Yellow", packing="Envelope"', 'fruit="Oranges", color="Blue", packing="Tube"' ]; TableParser(Table) ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://sandyzeng.gitbook.io/kql/kql-quick-guide/need-to-learn-later/extractparseparse-kv-tabular.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.