How does the "contains" method work when querying data in Panther?

QUESTION

How do I use the contains method when querying data in Data Explorer in my Panther Console? 

ANSWER

Snowflake's contains can be a partial match for the data, and Snowflake's array_contains method requires an exact match for the data in question.

Examples

Snowflake contains method:

CONTAINS( <expr1> , <expr2> )
where <expr1> is 'The string to search in'.
and <expr2> is 'The string to search for'.

SELECT
    *
FROM
    panther_logs.public.okta_systemlog
WHERE
    contains(p_any_ip_addresses::varchar, '1.2')
LIMIT 10; 

Snowflake array_contains method:

SELECT
    *
FROM
    panther_logs.public.okta_systemlog
WHERE
    array_contains('1.2.3.4'::variant, p_any_ip_addresses)
LIMIT 10;

Similarly for int values in the array_contains method:

SELECT
    *
FROM
    panther_logs.public.okta_systemlog
WHERE
    array_contains(7022::int, securityContext:asNumber)
LIMIT 10;

Additional information:

• Snowflake CONTAINS documentation

• Snowflake ARRAY_CONTAINS documentation