...

  1. Go to Data Search and open the table you want to use as the source for your injection. Apply the desired operations (filters, new columns, etc.) to get only the data you want to inject into the new table. There are some things you need to consider about grouping events and hiding columns when building your query (see the Special considerations section below).

  2. Click the gear icon options menu in the table toolbar and select New → Injection into my.app.

  3. Fill the required fields in the New injection into my.app window (see the window below).

  4. Click Save when you're done.

...

Tables where you injected data always have a column named sourceTable that indicates the source table of each event. This information is important when you create a my.app table and inject data into it from several tables. Learn more about this in the following section.

...

Inject data from several tables

...

For example, the capture below shows an injection table with data from the demo.ecommerce.data and siem.logtrust.web.activity tables. In this case, the column bytesTransferred comes from the demo.ecommerce.data table, and the column domain belongs to the siem.logtrust.web.activity table. Checking the sourceTable column, you can see from which table the events come, and the bytesTransferred and domain columns show null if the column does not exist in the source table.

...

Coinciding column name

If two or more of the tables used to generate the injection table have a column with the same name, two things may occur:

  • If the data type of the columns with the same name is not the same, you will get an error message and the injection will not be created unless you perform the necessary transformations to either make the data types coincide (columns merged) or make the column names differ (separate columns).

  • If the data type of the columns with the same name is the same, they will be merged into a single column. In the following capture, both the demo.ecommerce.data and siem.logtrust.web.activity tables have a column named method and its data type is string in both tables.
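The merge rules above can be checked before creating an injection with a small model like the following. This is an added example, not Devo code: the function names, the column types other than method, and the sample rows are assumptions made for the illustration.

```python
# Added illustration: models the merge rules described on this page.
# It is not Devo code; schemas and rows below are constructed samples.

class ColumnTypeConflict(Exception):
    """Same column name, different data types across source tables."""


def merged_schema(schemas):
    """schemas: {table_name: {column: type}} -> {column: type}.

    Same name + same type      -> merged into a single column.
    Same name + different type -> conflict (the injection is not created).
    """
    merged, first_seen, conflicts = {}, {}, []
    for table, columns in schemas.items():
        for col, typ in columns.items():
            if col not in merged:
                merged[col], first_seen[col] = typ, table
            elif merged[col] != typ:
                conflicts.append(
                    f"{col}: {first_seen[col]}={merged[col]}, {table}={typ}")
    if conflicts:
        raise ColumnTypeConflict("; ".join(conflicts))
    return merged


def inject(schemas, rows_by_table):
    """Build the injection table rows: every row gets sourceTable, and
    columns missing from its source table are filled with None (null)."""
    schema = merged_schema(schemas)
    out = []
    for table, rows in rows_by_table.items():
        for row in rows:
            event = {"sourceTable": table}
            event.update({col: row.get(col) for col in schema})
            out.append(event)
    return out


# Constructed schemas; only the "method" type (string) is taken from the page.
SCHEMAS = {
    "demo.ecommerce.data": {"method": "string", "bytesTransferred": "int"},
    "siem.logtrust.web.activity": {"method": "string", "domain": "string"},
}
ROWS = {
    "demo.ecommerce.data": [{"method": "GET", "bytesTransferred": 512}],
    "siem.logtrust.web.activity": [{"method": "POST", "domain": "example.com"}],
}
```

Calling inject(SCHEMAS, ROWS) returns one event per source row with a single merged method column, and merged_schema raises ColumnTypeConflict when two tables declare the same column name with different types.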

...

Special considerations

...