docs/reference/query-languages/esql/_snippets/commands/layout/dissect.md
serverless: ga
stack: ga
DISSECT enables you to extract structured data out of a string.
DISSECT input "pattern" [APPEND_SEPARATOR="<separator>"]
input
: The column that contains the string you want to structure.
If the column has multiple values, DISSECT will process each value.
pattern
: A dissect pattern.
If a field name conflicts with an existing column, the existing column is dropped.
If a field name is used more than once, only the rightmost duplicate creates a column.
<separator>
: A string used as the separator between appended values, when using the append modifier.
DISSECT enables you to extract structured data out of a string.
DISSECT matches the string against a delimiter-based pattern, and extracts the specified keys as columns.
Refer to Process data with DISSECT for the syntax of dissect patterns.
The following examples show how to parse and convert structured strings with DISSECT.
Parse a string that contains a timestamp, some text, and an IP address:
:::{include} ../examples/docs.csv-spec/basicDissect.md :::
By default, DISSECT outputs keyword string columns. To convert to another
type, use Type conversion functions:
:::{include} ../examples/docs.csv-spec/dissectWithToDatetime.md :::